
THOUSANDS of windows during WIN 7 startup

kuker173
created (edited)

I have no view into this computer because I use a different one. The kids, aged 11 and 14, play on this one. They download various Minecraft stuff and add-ons. I don't know whether these are viruses, errors from uninstalling something, or whether the (probably more than ten years old?) computer has simply broken down and is fit for recycling.

 

errors with files:

msdcsc.exe

msiexec.exe

werfault.exe

autoupdate.exe

 

program closing:

rodster bemoult dipotass

 

THOUSANDS of windows with a MINECRAFT game file error:

C:\Users\Administrator\Appdata\Roaming\folder name\filename.exe

 

OTL.txt

[log]OTL logfile created on: 2013-07-02 14:23:45 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1023,18 Mb Total Physical Memory | 305,85 Mb Available Physical Memory | 29,89% Memory free
2,46 Gb Paging File | 1,60 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): c:\pagefile.sys 1500 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 44,87 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-07-02 14:22:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg\OTL.exe
PRC - [2013-06-15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-05-15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013-05-11 08:56:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013-02-27 16:38:02 | 003,233,806 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\bgr\svchost.exe
PRC - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013-01-27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-01-27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013-01-04 04:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-28 21:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-09-28 21:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-06-15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013-06-15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013-06-15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013-06-15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013-06-15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013-02-27 16:38:02 | 003,233,806 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\bgr\svchost.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2013-06-12 17:05:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-25 22:51:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-09-28 21:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013-04-27 11:03:36 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2013-01-20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011-12-15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011-09-06 01:19:48 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2011-08-17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011-08-17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-08-17 09:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-08-17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-08-17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-05-13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-05-13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-05-13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010-12-07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010-12-07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010-12-07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010-12-07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010-09-28 22:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-09-28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-08-16 06:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010-08-02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes,DefaultScope = {2D78A1C7-4871-48F2-B082-9A07735F22A5}
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013-04-23 21:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Dokumenty Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe ()
O4 - HKLM..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-20..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe ()
O4 - HKU\S-1-5-20..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 3b3d5601-0ac7-43f0-b86e-0af436ff8a86 File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [java] C:\Users\Administrator\AppData\Roaming\Adobe\java.exe File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [key name] C:\Users\Administrator\AppData\Roaming\folder name\filename.exe (Instruments)
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [LaunchPad] C:\Users\Administrator\AppData\Roaming\svchost.exe ()
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [MicroUpdate] C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe ()
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS\usft_ext.exe.vbs ()
O4 - Startup: C:\Users\Wejście\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD5DEE3-DF97-4A08-8E76-7FC17215B972}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\hijackthis.exe: Debugger - ctdimj_.exe File not found
O27 - HKLM IFEO\housecalllauncher.exe: Debugger - cphojj_.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - odoazt_.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - cuznff_.exe File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\RTAudioDriver0
[2013-07-02 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
[2013-07-01 10:54:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS
[2013-06-30 15:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-06-30 15:56:33 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-06-30 15:56:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-06-30 15:56:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-06-30 15:56:24 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-06-30 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-06-30 15:15:37 | 000,139,264 | ---- | C] (TechSmith eeeeeeeeeeeeeeeeeeeeeeeeee) -- C:\Users\Administrator\AppData\Roaming\__0187477b.lnk
[2013-06-29 20:06:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\dclogs
[2013-06-29 20:06:28 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\MSDCSC
[2013-06-29 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\folder name
[2013-06-29 19:32:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0
[2013-06-29 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2013-06-29 18:38:04 | 000,000,000 | ---D | C] -- C:\Fraps
[2013-06-28 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013-06-28 18:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013-06-28 18:34:19 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013-06-28 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2013-06-28 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013-06-25 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair
[2013-06-24 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\tor
[2013-06-21 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013-06-19 17:07:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Roaming\bgr
[2013-06-14 11:32:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs
[2013-06-12 22:34:14 | 000,000,000 | ---D | C] -- C:\4dd0f24423193e5b8f104b3d5b3f
[2013-06-09 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LiveGBoost
[2013-06-09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\GZero
[2013-06-09 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GZero
[2013-06-09 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\GBoost
[2013-06-09 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2013-06-09 12:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013-06-09 12:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013-06-05 11:29:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\skróty
[2013-06-05 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Marcin
[2013-06-05 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Piotr
[2013-06-05 11:25:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Sławek
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-06-04 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013-06-04 10:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013-06-04 10:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013-06-04 10:07:25 | 003,460,096 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2013-06-04 10:07:25 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2013-06-04 10:07:25 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdW73.sys
[2013-06-04 10:07:25 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2013-06-04 10:07:25 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2013-06-04 10:07:24 | 016,201,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2013-06-04 10:07:24 | 006,472,192 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2013-06-04 10:07:24 | 004,077,568 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2013-06-04 10:07:24 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2013-06-04 10:07:24 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODE.exe
[2013-06-04 10:07:24 | 000,228,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2013-06-04 10:07:24 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2013-06-04 10:07:24 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2013-06-04 10:07:24 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2013-06-04 10:07:24 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODCLI.exe
[2013-06-04 10:07:24 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2013-06-04 10:07:24 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2013-06-04 10:07:24 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2013-06-04 10:07:24 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2013-06-04 10:07:23 | 004,407,808 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2013-06-04 10:07:23 | 003,953,152 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2013-06-04 10:07:23 | 000,536,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll
[2013-06-04 10:07:23 | 000,450,560 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2013-06-04 10:07:23 | 000,380,928 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2013-06-04 10:07:23 | 000,241,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2013-06-04 10:07:23 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2013-06-04 10:07:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2013-06-04 10:07:23 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe
[2013-06-04 10:07:23 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2013-06-04 10:07:23 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2013-06-04 10:07:23 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2013-06-04 10:07:23 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2013-06-04 10:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2013-06-04 10:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
[2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SARDU
[2013-06-03 22:35:02 | 000,000,000 | ---D | C] -- C:\Temp
[2013-06-03 22:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2013-06-03 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2013-06-03 22:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
 
========== Files - Modified Within 30 Days ==========
 
[2013-07-02 14:26:28 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-02 14:26:28 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-02 14:15:39 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-02 14:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-02 14:15:04 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys
[2013-07-02 13:01:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-02 12:05:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-07-02 09:30:17 | 000,001,149 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013-07-01 16:56:29 | 000,697,988 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-07-01 16:56:29 | 000,616,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-07-01 16:56:29 | 000,135,284 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-07-01 16:56:29 | 000,106,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-07-01 16:30:46 | 002,283,008 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\svchost.exe
[2013-07-01 09:59:31 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-06-30 15:56:16 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-06-30 15:56:13 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-06-30 15:56:13 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-06-30 15:56:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-06-30 15:56:11 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-06-30 15:56:11 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-06-30 15:15:27 | 000,139,264 | ---- | M] (TechSmith eeeeeeeeeeeeeeeeeeeeeeeeee) -- C:\Users\Administrator\AppData\Roaming\__0187477b.lnk
[2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013-06-12 17:05:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-06-12 17:05:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-06-04 10:13:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
 
========== Files Created - No Company Name ==========
 
[2013-07-01 16:30:49 | 002,283,008 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\svchost.exe
[2013-07-01 10:54:56 | 000,001,149 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013-07-01 09:59:19 | 000,293,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-06-04 10:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-06-04 10:07:25 | 000,614,400 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2013-06-04 10:07:24 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013-06-04 10:07:24 | 000,022,190 | ---- | C] () -- C:\Windows\atiogl.xml
[2013-06-04 10:07:24 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013-06-04 10:07:23 | 000,078,848 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2013-04-30 23:48:41 | 000,007,637 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013-04-30 23:28:48 | 000,000,640 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013-03-17 16:44:38 | 000,000,404 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-02-17 11:10:05 | 000,003,912 | ---- | C] () -- C:\Windows\System32\HideMyIpSRV.ini
[2013-02-17 11:10:05 | 000,002,096 | ---- | C] () -- C:\Windows\System32\HideMyIpSRVOff.ini
[2013-02-03 22:47:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013-02-03 22:47:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013-02-03 22:47:35 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013-02-03 22:47:32 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013-02-03 22:47:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013-01-27 18:20:16 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT
[2013-01-26 00:06:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013-01-26 00:06:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012-06-11 14:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013-06-09 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2013-07-01 16:30:52 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\bgr
[2013-06-30 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2013-07-01 10:01:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dclogs
[2013-06-29 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\folder name
[2013-06-30 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GZero
[2013-05-08 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2013-05-16 09:47:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2013-05-01 12:26:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2013-05-27 15:35:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skyz
[2013-07-02 13:18:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013-07-01 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS
[2013-05-31 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\.minecraft
[2013-05-05 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\Audacity
[2013-07-02 09:39:49 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\dclogs
[2013-07-01 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\folder name
[2013-05-08 18:27:09 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\IrfanView
[2013-05-20 17:03:01 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\LolClient
[2013-05-02 09:45:48 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\OpenOffice.org
[2013-05-02 11:12:52 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\Thinstall
[2013-05-17 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\uTorrent
[2013-07-02 12:12:10 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\WindowsLogonSSS
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  >
[2009-07-14 06:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009-07-14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013-01-24 22:03:13 | 000,000,930 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013-01-24 22:45:34 | 000,001,032 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013-01-24 22:45:35 | 000,001,036 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< C:\*.* >
[2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2013-01-20 11:51:01 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2013-01-24 21:44:42 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2013-01-24 21:44:43 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013-07-02 14:15:04 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-05 17:55:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-10-05 17:55:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2013-07-02 14:15:05 | 1572,864,000 | -HS- | M] () -- C:\pagefile.sys
 
< D:\*.* >
 
< E:\*.* >
 
< F:\*.* >
 
< G:\*.* >
 
< H:\*.* >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %APPDATA%\*. >
[2013-06-30 20:00:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2013-06-04 10:13:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI
[2013-06-09 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2013-07-01 16:30:52 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\bgr
[2013-06-30 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2013-07-01 10:01:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dclogs
[2013-06-29 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\folder name
[2013-06-30 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GZero
[2013-04-30 23:28:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013-05-08 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2013-05-16 09:47:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2013-04-13 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2013-05-01 15:59:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009-07-14 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2013-06-30 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2013-06-30 15:15:47 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2013-05-01 12:26:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2013-06-30 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2013-05-27 15:35:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skyz
[2013-07-02 14:21:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\tor
[2013-07-02 13:18:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013-07-01 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS
[2013-05-01 09:28:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
 
< %SYSTEMDRIVE%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: BEEP.SYS  >
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys
 
< MD5 for: EXPLORER.EXE  >
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: NTFS.SYS  >
[2012-08-31 19:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) MD5=0D87503986BB3DFED58E343FE39DDE13 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys
[2011-03-11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys
[2009-07-14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2012-08-31 19:21:56 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=5126C5402C730C2A953275D8497A4715 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17119_none_a69715e87e02f01c\ntfs.sys
[2013-04-12 15:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_a870a63a7b333f99\ntfs.sys
[2012-08-31 19:20:14 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=72D1BB12770F86033C73E288CD8E3869 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21316_none_a71db3bb97234108\ntfs.sys
[2013-03-02 07:01:18 | 001,211,240 | ---- | M] (Microsoft Corporation) MD5=76371F9D9FCDE3ACDFEC3D7C3E585FB5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21483_none_a6cf054f975eb5c1\ntfs.sys
[2011-03-11 07:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2013-03-02 07:07:36 | 001,212,264 | ---- | M] (Microsoft Corporation) MD5=9CDAEBE5160B9AF02AE17C62BDB6C4B5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18106_none_a88545c87b23ee60\ntfs.sys
[2013-03-02 07:09:19 | 001,210,712 | ---- | M] (Microsoft Corporation) MD5=A458A5F7FD79C477D40ED42CF5A230CB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17267_none_a65f079e7e2d464a\ntfs.sys
[2013-04-12 15:53:03 | 001,213,288 | ---- | M] (Microsoft Corporation) MD5=A543D7FD38F51123CA6B8B4722E4D322 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_a8ae93919489a2fa\ntfs.sys
[2011-03-11 07:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
[2013-04-12 15:58:11 | 001,210,728 | ---- | M] (Microsoft Corporation) MD5=A8F59428E9F361C7AC42A94AC1560BC9 -- C:\Windows\System32\drivers\ntfs.sys
[2013-04-12 15:58:11 | 001,210,728 | ---- | M] (Microsoft Corporation) MD5=A8F59428E9F361C7AC42A94AC1560BC9 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17281_none_a643660a7e42e622\ntfs.sys
[2013-03-02 06:30:20 | 001,213,272 | ---- | M] (Microsoft Corporation) MD5=BDC9CE1B497B6C266ED70E3D34184F40 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22272_none_a8bf31f7947dec65\ntfs.sys
[2011-03-11 07:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys
[2013-04-12 17:59:24 | 001,211,240 | ---- | M] (Microsoft Corporation) MD5=E3B53A54A7AF3B3098701783BA15FF75 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21499_none_a6ca371f976169bc\ntfs.sys
[2012-08-31 19:01:43 | 001,212,272 | ---- | M] (Microsoft Corporation) MD5=E6C295C6F8E639957235FEE1D95077F4 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90ce01994435e55\ntfs.sys
 
< MD5 for: SVCHOST.EXE  >
[2013-07-01 16:30:46 | 002,283,008 | ---- | M] () MD5=1DFD424B0889782D58085260FD28BEFB -- C:\Users\Administrator\AppData\Roaming\svchost.exe
[2013-02-27 16:38:02 | 003,233,806 | ---- | M] () MD5=506B0B498216371D64ABB69145B70E4C -- C:\Users\Administrator\AppData\Roaming\bgr\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009-07-14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\system32\ws2_32.dll
 
< %systemroot%\system32\kernel32.dll /md5 >
[2013-01-04 06:46:33 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=A2CB61B68566F6DB067607273119D27B -- C:\Windows\system32\kernel32.dll
 
< %systemroot%\system32\user32.dll /md5 >
[2009-07-14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\system32\user32.dll
 
< %systemroot%\Tasks\*.* /lockedfiles >
[2013-05-18 20:54:21 | 000,032,608 | ---- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Restore Points Found ==========
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Users\All Users] ->  -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\Users\All Users\TEMP:373E1720
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
[/log]
 
Extras.txt
[log]OTL Extras logfile created on: 2013-07-02 14:23:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1023,18 Mb Total Physical Memory | 305,85 Mb Available Physical Memory | 29,89% Memory free
2,46 Gb Paging File | 1,60 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): c:\pagefile.sys 1500 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 44,87 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_USERS\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AEC6CB-866D-4097-823D-96E881B37035}" = rport=137 | protocol=17 | dir=out | app=system | 
"{04F63EA0-D4F2-4BD6-B8C8-BB0D4A090B3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06A16589-CF67-42C4-B414-32E8DE938EB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{33CDCD12-BCBD-4C9E-949D-74C24D2C464B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4119D5CD-156E-4600-89C1-82CB3D819187}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D42F7A4-12A5-40E3-9415-7A9776218D4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5AFA8619-C77C-4E87-BACB-66D7F17401C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B7EA441-CCC0-4C5E-8522-92B6D32762DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{628B541A-D34D-4C27-8661-9B6DE814E04D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6399F48A-C696-43C8-8C1D-961C77F050C3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{68012F0C-C6F7-4E66-BEE8-94097C8C0571}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6AA7448F-5E0E-4980-BE81-DB2C7AA3E9CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{733BB00D-5238-40E3-A674-746C530BFF68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BD56393-8741-4918-B3F3-54A4FC6B37CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E66F4E0-9011-4A11-804F-922DCC79CAFA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{88F40FC8-19BE-4D82-9739-98B52CD3CDF5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9A55525B-42F4-480A-8635-C7B6FF26976F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A8F83C7C-2485-45D1-8FEC-37015F13CC28}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AE2787A8-073C-45A4-BB9C-A7C7D746D73C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B0D72FA3-BFD4-46FD-94C7-55E62572E4D9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B66FA298-B07D-4E87-87A3-F3772FF1973B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B95D20D4-8C9F-42F4-8494-25C056A42576}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BEE6CA3F-29DB-420E-9C3A-C4BA8328B1A7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{D3BB52CB-74C0-460C-B628-9F2177EEDA57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D51E6094-735A-4A7A-A81A-BDB78CABCE10}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{D7014FA5-41B7-4C35-8284-BDBB2A5C0FA4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D74B3DCA-09E8-4B6A-AC5A-F3C3CB471E89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F3559C-4B03-4894-9DA4-415297233014}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0F464F42-FCF2-4B09-9EC3-DA4BCA2DAAC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{17325361-6686-48A4-97DC-449A26A61DF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32AFC82C-EAED-4B67-968B-6EB7EB38CDCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32BEEE98-3518-4E9D-9EE7-85B677045211}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | 
"{4D45B7B9-5929-4B07-8FDF-950E0D05F029}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | 
"{58FCF44F-0920-475C-B3F8-0741F03BA527}" = protocol=6 | dir=out | app=system | 
"{5D416532-7730-4273-9BD6-90E90C5D2C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DEE1A47-B5A7-45D0-8F54-1FEA96B96D97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6958EFD7-65DF-4B22-94B1-AD7534BBBC93}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7256CF18-EFD2-49F3-8D19-F1A41E33A1F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{72E8A9BE-EB66-481B-88E2-90D5E2E8A03F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B4488FB-274D-4D9C-9CEC-916DFDE7AE1C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A1C3F4A3-055F-405E-880B-1F9DF1D85D28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AFC9FBA0-E197-4793-B89B-9B2C58400E5B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{B8AFA463-8945-4119-BFE0-08C2CAB54031}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1E6C5E3-63F0-4390-9BDD-5A771F6AABA1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E67AC286-184A-4EAD-861E-FEA816AE06EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA607723-BEC1-4914-92D9-7366D263B1BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC9B4819-A755-4F2E-8904-938EAA05BBD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EE36251C-B16B-403B-935B-E957A6873A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE33CD58-F2C6-4A18-9B8D-50DAF29E755B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{82613EB5-003B-4792-95EB-3F443AE78D25}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{844A298E-ADAC-49E2-B2C0-7A935881314F}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{99AFCC09-E3B4-426E-A97D-8482BD661F67}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{AADCE6FD-432B-4A00-A5B5-A41B4365902D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{04D77BD1-6365-4413-B853-2E307C571D85}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{C6DADD95-FD33-4C08-AA60-04DEFA73366D}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{D14CA9C8-03A2-45AC-8DB1-916F43216DCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F25C1016-C55F-4F37-A674-026CFAFB8B7B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All
"{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{11A292E3-E60B-1335-C4F8-92F1841725D6}" = CCC Help Greek
"{12CB7D4B-F29B-08D3-B305-3C3163F11E6D}" = CCC Help Finnish
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22A0602D-A83C-14A7-A09B-F3E13044D395}" = CCC Help Turkish
"{22E05721-B122-F1A6-7EB2-3A61CA382464}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{32BA6FBB-C948-F45E-934C-5CC049D16263}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35767883-90A2-B69B-E128-2912DD65CA09}" = CCC Help Dutch
"{386AB6EF-B693-C15B-52F5-88BDC6B8291E}" = CCC Help Danish
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40138968-506D-15D7-B6DD-059C06EA2682}" = CCC Help Chinese Standard
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6905AAF7-2EEA-4BC0-A429-9A6FB75D57BF}" = Windows Live Family Safety
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74BB27FA-63B9-DE85-04CB-69D51FF14AD6}" = CCC Help Chinese Traditional
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{865F8014-4DED-B63D-832A-3FB08FC38479}" = ATI Catalyst Install Manager
"{88F66BC2-87E5-53F8-48DD-728501B98181}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC72EF6-1EB6-610C-6CAB-709718CD2132}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D9F86BB-E232-AC3B-8705-146AC303F636}" = CCC Help Polish
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA3F9FB3-20DF-8CAA-919A-F507FCAA9AB9}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B1F7BB94-BE89-92DF-4736-D94A13E32622}" = CCC Help Swedish
"{B76E1251-5ACA-AAB7-518D-17DC63282D23}" = Catalyst Control Center InstallProxy
"{BA592980-D2D8-74B9-D9B0-84FB947F8DC9}" = CCC Help Portuguese
"{BAFCE6EC-1BED-0644-4AE0-0827D3A5BF2D}" = CCC Help Russian
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CDC9CB03-079E-D721-4210-0CD5AE082A1B}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE5D7C38-92A7-675C-A49E-1B4F3D945AFE}" = CCC Help French
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2E654A9-FF43-C395-2673-1385B493C574}" = CCC Help Korean
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E600853D-6991-2174-0826-F0DE7E024602}" = CCC Help Spanish
"{E735A4C4-F4E0-0BA6-288F-C792BD8969B1}" = CCC Help Norwegian
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{EEA93FD7-132D-2968-9478-D84CAAF3FAD5}" = CCC Help Czech
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"uTorrent" = µTorrent
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2013-07-02 08:18:12 | Computer Name = slawek | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku  z jednej z następujących
 przyczyn:  problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany
 plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak 
dysku.  System Windows zamknął program Rodster' bemoult dipotass z powodu tego błędu.
 
Program:
 Rodster' bemoult dipotass  Plik:     Wartość błędu jest wyświetlona w sekcji Dodatkowe
 dane.  Akcja użytkownika  1. Otwórz plik ponownie.  Ta sytuacja może być przejściowym
 problemem, który sam się rozwiąże po ponownym uruchomieniu programu.  2.  Jeśli nadal
 nie można uzyskać dostępu do pliku i   - jest w sieci,  administrator sieci powinien
 sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem.
-
 jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały
 dysk jest włożony do komputera.  3. Sprawdź i napraw system plików, uruchamiając 
program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
 Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia
 wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER.  4. Jeżeli problem
 nie ustąpi, przywróć plik z kopii zapasowej.  5. Ustal, czy można otworzyć inne pliki
 na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy,
 skontaktuj się z administratorem komputera lub dostawcą sprzętu  komputerowego, aby
 uzyskać dalszą pomoc.    Dodatkowe dane  Wartość błędu: 00000000  Typ dysku: 0
 
Error - 2013-07-02 08:18:14 | Computer Name = slawek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: msdcsc.exe, wersja: 7.8.0.6, sygnatura
 czasowa: 0x51a689ef  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
 czasowa: 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x76deffdb  Identyfikator
 procesu powodującego błąd: 0xec0  Godzina uruchomienia aplikacji powodującej błąd:
 0x01ce771ddd7b286f  Ścieżka aplikacji powodującej błąd: C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe
Ścieżka
 modułu powodującego błąd: unknown  Identyfikator raportu: 77354b6c-e311-11e2-af44-001731ce5d6e
 
Error - 2013-07-02 08:21:35 | Computer Name = slawek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: jusched.exe, wersja: 2.1.9.4, sygnatura
 czasowa: 0x513f4a9a  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
 czasowa: 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x01a92972  Identyfikator
 procesu powodującego błąd: 0x3d0  Godzina uruchomienia aplikacji powodującej błąd:
 0x01ce771dfbce111f  Ścieżka aplikacji powodującej błąd: C:\Program Files\Common Files\Java\Java
 Update\jusched.exe  Ścieżka modułu powodującego błąd: unknown  Identyfikator raportu:
 ef1f5368-e311-11e2-af44-001731ce5d6e
 
Error - 2013-07-02 08:26:13 | Computer Name = slawek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: MpCmdRun.exe, wersja: 4.2.223.0,
 sygnatura czasowa: 0x51020955  Nazwa modułu powodującego błąd: ntdll.dll, wersja:
 6.1.7600.16915, sygnatura czasowa: 0x4ec49caf  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x00000033  Identyfikator procesu powodującego błąd: 0x1c88  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01ce771f456a2098  Ścieżka aplikacji powodującej błąd:
 c:\Program Files\Microsoft Security Client\MpCmdRun.exe  Ścieżka modułu powodującego
 błąd: C:\Windows\SYSTEM32\ntdll.dll  Identyfikator raportu: 95493940-e312-11e2-af44-001731ce5d6e
 
Error - 2013-07-02 08:28:40 | Computer Name = slawek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: RunDll32.exe_WerConCpl.dll, wersja:
 6.1.7600.16385, sygnatura czasowa: 0x4a5bc637  Nazwa modułu powodującego błąd: unknown,
 wersja: 0.0.0.0, sygnatura czasowa: 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x03d22972  Identyfikator procesu powodującego błąd: 0x35c8  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01ce771fa4bd29b8  Ścieżka aplikacji powodującej błąd:
 C:\Windows\system32\RunDll32.exe  Ścieżka modułu powodującego błąd: unknown  Identyfikator
 raportu: ec83f46d-e312-11e2-af44-001731ce5d6e
 
Error - 2013-07-02 08:30:56 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 08:31:05 | Computer Name = slawek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: iexplore.exe, wersja: 9.0.8112.16457,
 sygnatura czasowa: 0x50a2f9e3  Nazwa modułu powodującego błąd: ntdll.dll, wersja:
 6.1.7600.16915, sygnatura czasowa: 0x4ec49caf  Kod wyjątku: 0xc0000024  Przesunięcie
 błędu: 0x0007f2ca  Identyfikator procesu powodującego błąd: 0x1544  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01ce771e0d34526e  Ścieżka aplikacji powodującej błąd:
 C:\Program Files\Internet Explorer\iexplore.exe  Ścieżka modułu powodującego błąd:
 C:\Windows\SYSTEM32\ntdll.dll  Identyfikator raportu: 42fec24d-e313-11e2-af44-001731ce5d6e
 
Error - 2013-07-02 08:31:16 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
Error - 2013-07-02 08:31:17 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 08:31:29 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
Error - 2013-07-02 08:32:15 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 08:32:28 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 2013-03-28 07:13:55 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 12:13:54 - Błąd podczas nawiązywania połączenia z Internetem.  12:13:54
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-03-28 08:14:12 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 13:14:12 - Błąd podczas nawiązywania połączenia z Internetem.  13:14:12
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-03-28 09:14:28 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 14:14:28 - Błąd podczas nawiązywania połączenia z Internetem.  14:14:28
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-03-28 10:14:40 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 15:14:40 - Błąd podczas nawiązywania połączenia z Internetem.  15:14:40
 -     Nie można skontaktować się z serwerem..  
 
[ System Events ]
Error - 2013-05-18 06:19:27 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 
1 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 2013-05-18 06:19:51 | Computer Name = slawek | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego 
lub systemowego:   cdrom
 
Error - 2013-05-18 06:19:53 | Computer Name = slawek | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 2013-05-18 14:54:19 | Computer Name = slawek | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 20:52:41 na ?2013-?05-?18 było 
nieoczekiwane.
 
Error - 2013-05-18 14:54:10 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 
0 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-05-18 14:54:10 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 
1 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-05-18 14:54:14 | Computer Name = slawek | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 2013-05-18 14:54:14 | Computer Name = slawek | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
[/log]

Zayfi
comment

Run OTL and paste the following into the Custom Scans/Fixes (Własne opcje skanowania/skrypt) window:

:OTL
O4 - HKLM..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe ()
O4 - HKLM..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found
O4 - HKU\S-1-5-20..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 3b3d5601-0ac7-43f0-b86e-0af436ff8a86 File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [java] C:\Users\Administrator\AppData\Roaming\Adobe\java.exe File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [key name] C:\Users\Administrator\AppData\Roaming\folder name\filename.exe (Instruments)
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [LaunchPad] C:\Users\Administrator\AppData\Roaming\svchost.exe ()
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [MicroUpdate] C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found


:Files
C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS
C:\Users\Administrator\AppData\Roaming\svchost.exe
C:\Users\Administrator\AppData\Roaming\__0187477b.lnk

:Commands
[emptytemp]

Click Run Fix (Wykonaj skrypt).

2. Run a new OTL scan and post the report.

  • Good answer 1
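The fix script in the post above targets two autostart locations: `Run` keys (O4 lines) and the Winlogon `UserInit` value (O20 lines). As an added example, not part of the original post and not OTL's own logic, the following Python script triages such lines from an OTL log and collapses repeated entries into a count. The heuristics (which directories count as user-writable, which file names count as system names) are assumptions, and the sample mixes lines from the thread with two constructed benign lines.

```python
import re
from collections import Counter

# Sample input: lines taken from the fix script in this thread, plus two
# CONSTRUCTED benign entries (MSC and the default userinit.exe) for contrast.
SAMPLE = r"""
O4 - HKLM..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe ()
O4 - HKLM..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [LaunchPad] C:\Users\Administrator\AppData\Roaming\svchost.exe ()
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe (Instruments)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# Assumption: directories a standard user can write to by default.
USER_WRITABLE = ("\\appdata\\", "\\documents\\", "\\programdata\\", "\\temp\\")
# Assumption: names that normally live only under the Windows directory.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "userinit.exe", "lsass.exe", "csrss.exe"}
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|com))\b"?', re.I)
O4_RE = re.compile(r'^O4 - (\S+?)\.\.\\Run: \[([^\]]*)\] (.*)$')
O20_RE = re.compile(r'^O20 - HKLM Winlogon: (\w+) - \(([^)]*)\) - (.*)$')


def reasons_for(path, rest):
    """Return the heuristic reasons an autostart target looks suspicious."""
    reasons = []
    low = path.lower()
    if any(part in low for part in USER_WRITABLE):
        reasons.append("user-writable location")
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append("system file name outside Windows directory")
    tail = rest.rstrip()
    if tail.endswith("File not found"):
        reasons.append("target missing")
    elif tail.endswith("()"):
        # OTL prints the version-info company name in parentheses; "()" is empty.
        reasons.append("no company name")
    return reasons


def triage(text):
    """Parse O4/O20 lines; return (entry, path, repeat_count, reasons) tuples."""
    seen = Counter()
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        m4, m20 = O4_RE.match(line), O20_RE.match(line)
        if m4:
            entry, rest = "Run:" + m4.group(2), m4.group(3)
        elif m20:
            entry, rest = "Winlogon:" + m20.group(1), m20.group(3)
        else:
            continue
        pm = PATH_RE.search(rest)
        if not pm:
            continue
        path = pm.group(1)
        reasons = reasons_for(path, rest)
        if m20 and m20.group(1).lower() == "userinit" and path.lower() != DEFAULT_USERINIT:
            reasons.append("Userinit is not the default userinit.exe")
        key = (entry, path)
        seen[key] += 1
        findings[key] = reasons
    return [(k[0], k[1], seen[k], r) for k, r in findings.items() if r]


if __name__ == "__main__":
    for entry, path, count, reasons in triage(SAMPLE):
        print(f"{entry} x{count}: {path}\n    " + "; ".join(reasons))
```

A flagged entry is a lead for manual review, not a verdict; legitimate software also installs under `AppData` and `ProgramData`.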
kuker173
comment (edited)

Logs in the next post.

Zayfi
comment

Don't paste any scripts into the OTL scan. Set all sections to Use SafeList (użyj filtrowania) > Scan All Users (wszyscy użytkownicy) and that's it > click Run Scan (skanuj).

  • Good answer 1
kuker173
comment (edited)

OTL.txt:

[log]OTL logfile created on: 2013-07-02 16:17:31 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1023,18 Mb Total Physical Memory | 297,86 Mb Available Physical Memory | 29,11% Memory free
2,46 Gb Paging File | 1,69 Gb Available in Paging File | 68,71% Paging File free
Paging file location(s): c:\pagefile.sys 1500 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 51,97 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
 
Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-07-02 14:22:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg\OTL.exe
PRC - [2013-06-15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-05-11 08:56:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-01-27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-06-15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013-06-15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013-06-15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013-06-15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013-06-15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013-06-15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2013-06-12 17:05:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-25 22:51:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandadb.sys -- (androidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandnetadb.sys -- (andnetadb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2013-07-02 15:40:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80C8F5CE-189C-4B14-A51B-9F8A506CE6F1}\MpKsl47e48fd3.sys -- (MpKsl47e48fd3)
DRV - [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013-04-27 11:03:36 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2013-01-20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011-12-15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-05-13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-05-13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-05-13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010-09-28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-08-16 06:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes,DefaultScope = {2D78A1C7-4871-48F2-B082-9A07735F22A5}
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013-04-23 21:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Dokumenty Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Realtek Audio Manager] "C:\ProgramData\Realtek0\xsytzecrn.exe" File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 2dd85c52-ee71-4455-acff-d27e8930d0ee File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Wejście\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD5DEE3-DF97-4A08-8E76-7FC17215B972}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-07-02 15:22:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-07-02 15:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-07-02 15:07:26 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-07-02 15:07:14 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-07-02 15:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-07-02 14:29:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-07-02 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
[2013-06-29 20:06:28 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\MSDCSC
[2013-06-29 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\folder name
[2013-06-29 20:06:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\RTAudioDriver0
[2013-06-29 19:32:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0
[2013-06-29 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2013-06-29 18:38:04 | 000,000,000 | ---D | C] -- C:\Fraps
[2013-06-28 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013-06-28 18:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013-06-28 18:34:19 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013-06-28 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2013-06-28 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013-06-25 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair
[2013-06-24 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\tor
[2013-06-21 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013-06-19 17:07:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Roaming\bgr
[2013-06-14 11:32:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs
[2013-06-12 22:34:14 | 000,000,000 | ---D | C] -- C:\4dd0f24423193e5b8f104b3d5b3f
[2013-06-09 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LiveGBoost
[2013-06-09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\GZero
[2013-06-09 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GZero
[2013-06-09 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\GBoost
[2013-06-09 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2013-06-05 11:29:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\skróty
[2013-06-05 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Marcin
[2013-06-05 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Piotr
[2013-06-05 11:25:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Sławek
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-06-04 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013-06-04 10:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013-06-04 10:07:25 | 002,868,736 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll
[2013-06-04 10:07:25 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdW73.sys
[2013-06-04 10:07:25 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2013-06-04 10:07:25 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2013-06-04 10:07:24 | 003,105,280 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2013-06-04 10:07:24 | 000,228,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2013-06-04 10:07:24 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2013-06-04 10:07:24 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2013-06-04 10:07:24 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2013-06-04 10:07:23 | 000,536,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll
[2013-06-04 10:07:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2013-06-04 10:07:23 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe
[2013-06-04 10:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
[2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SARDU
[2013-06-03 22:35:02 | 000,000,000 | ---D | C] -- C:\Temp
[2013-06-03 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2013-06-03 22:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
 
========== Files - Modified Within 30 Days ==========
 
[2013-07-02 16:18:39 | 000,032,215 | ---- | M] () -- C:\Users\Administrator\Desktop\5.png
[2013-07-02 16:05:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-07-02 16:01:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-02 15:44:56 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-02 15:44:56 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-02 15:43:26 | 000,149,749 | ---- | M] () -- C:\Users\Administrator\Desktop\4.png
[2013-07-02 15:39:54 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-02 15:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-02 15:39:35 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys
[2013-07-02 15:24:56 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-07-02 15:19:57 | 000,127,688 | ---- | M] () -- C:\Users\Administrator\Desktop\3.png
[2013-07-02 15:19:33 | 000,117,925 | ---- | M] () -- C:\Users\Administrator\Desktop\1.png
[2013-07-02 15:19:19 | 000,127,832 | ---- | M] () -- C:\Users\Administrator\Desktop\2.png
[2013-07-02 15:16:18 | 000,001,426 | ---- | M] () -- C:\Users\Administrator\Desktop\skaner wirusów - włączać co kilka dni !!!.lnk
[2013-07-02 15:07:03 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-07-02 15:06:59 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-07-02 15:06:56 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-07-02 15:06:56 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-07-02 14:36:41 | 000,000,842 | ---- | M] () -- C:\Windows\System32\MsiExec.RPT
[2013-07-01 16:56:29 | 000,697,988 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-07-01 16:56:29 | 000,616,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-07-01 16:56:29 | 000,135,284 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-07-01 16:56:29 | 000,106,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013-06-12 17:05:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-06-12 17:05:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-06-04 10:13:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
 
========== Files Created - No Company Name ==========
 
[2013-07-02 16:18:38 | 000,032,215 | ---- | C] () -- C:\Users\Administrator\Desktop\5.png
[2013-07-02 15:43:26 | 000,149,749 | ---- | C] () -- C:\Users\Administrator\Desktop\4.png
[2013-07-02 15:24:43 | 000,293,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-07-02 15:19:57 | 000,127,688 | ---- | C] () -- C:\Users\Administrator\Desktop\3.png
[2013-07-02 15:19:19 | 000,127,832 | ---- | C] () -- C:\Users\Administrator\Desktop\2.png
[2013-07-02 15:18:21 | 000,117,925 | ---- | C] () -- C:\Users\Administrator\Desktop\1.png
[2013-07-02 15:16:18 | 000,001,426 | ---- | C] () -- C:\Users\Administrator\Desktop\skaner wirusów - włączać co kilka dni !!!.lnk
[2013-07-02 14:36:41 | 000,000,842 | ---- | C] () -- C:\Windows\System32\MsiExec.RPT
[2013-06-04 10:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-06-04 10:07:24 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013-06-04 10:07:23 | 000,078,848 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2013-04-30 23:48:41 | 000,007,637 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013-04-30 23:28:48 | 000,000,640 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013-03-17 16:44:38 | 000,000,404 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-02-17 11:10:05 | 000,003,912 | ---- | C] () -- C:\Windows\System32\HideMyIpSRV.ini
[2013-02-17 11:10:05 | 000,002,096 | ---- | C] () -- C:\Windows\System32\HideMyIpSRVOff.ini
[2013-02-03 22:47:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013-02-03 22:47:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013-02-03 22:47:35 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013-02-03 22:47:32 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013-02-03 22:47:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013-01-27 18:20:16 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT
[2013-01-26 00:06:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013-01-26 00:06:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012-06-11 14:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
[/log]
 

Some kind of hotlinking ban popped up, so I packed everything into an archive (screenshot no. 5 shows the method and settings of the last OTL scan):

http://www.speedyshare.com/HaTGK/printscr.rar

 

Extras.txt

[log]OTL Extras logfile created on: 2013-07-02 16:17:31 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1023,18 Mb Total Physical Memory | 297,86 Mb Available Physical Memory | 29,11% Memory free
2,46 Gb Paging File | 1,69 Gb Available in Paging File | 68,71% Paging File free
Paging file location(s): c:\pagefile.sys 1500 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 51,97 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
 
Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_USERS\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AEC6CB-866D-4097-823D-96E881B37035}" = rport=137 | protocol=17 | dir=out | app=system | 
"{04F63EA0-D4F2-4BD6-B8C8-BB0D4A090B3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06A16589-CF67-42C4-B414-32E8DE938EB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{33CDCD12-BCBD-4C9E-949D-74C24D2C464B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4119D5CD-156E-4600-89C1-82CB3D819187}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D42F7A4-12A5-40E3-9415-7A9776218D4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5AFA8619-C77C-4E87-BACB-66D7F17401C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B7EA441-CCC0-4C5E-8522-92B6D32762DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{628B541A-D34D-4C27-8661-9B6DE814E04D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6399F48A-C696-43C8-8C1D-961C77F050C3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{68012F0C-C6F7-4E66-BEE8-94097C8C0571}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6AA7448F-5E0E-4980-BE81-DB2C7AA3E9CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{733BB00D-5238-40E3-A674-746C530BFF68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BD56393-8741-4918-B3F3-54A4FC6B37CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E66F4E0-9011-4A11-804F-922DCC79CAFA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{88F40FC8-19BE-4D82-9739-98B52CD3CDF5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9A55525B-42F4-480A-8635-C7B6FF26976F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A8F83C7C-2485-45D1-8FEC-37015F13CC28}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AE2787A8-073C-45A4-BB9C-A7C7D746D73C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B0D72FA3-BFD4-46FD-94C7-55E62572E4D9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B66FA298-B07D-4E87-87A3-F3772FF1973B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B95D20D4-8C9F-42F4-8494-25C056A42576}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BEE6CA3F-29DB-420E-9C3A-C4BA8328B1A7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{D3BB52CB-74C0-460C-B628-9F2177EEDA57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D51E6094-735A-4A7A-A81A-BDB78CABCE10}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{D7014FA5-41B7-4C35-8284-BDBB2A5C0FA4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D74B3DCA-09E8-4B6A-AC5A-F3C3CB471E89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F3559C-4B03-4894-9DA4-415297233014}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0F464F42-FCF2-4B09-9EC3-DA4BCA2DAAC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{17325361-6686-48A4-97DC-449A26A61DF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32AFC82C-EAED-4B67-968B-6EB7EB38CDCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32BEEE98-3518-4E9D-9EE7-85B677045211}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | 
"{4D45B7B9-5929-4B07-8FDF-950E0D05F029}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | 
"{58FCF44F-0920-475C-B3F8-0741F03BA527}" = protocol=6 | dir=out | app=system | 
"{5D416532-7730-4273-9BD6-90E90C5D2C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DEE1A47-B5A7-45D0-8F54-1FEA96B96D97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6958EFD7-65DF-4B22-94B1-AD7534BBBC93}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7256CF18-EFD2-49F3-8D19-F1A41E33A1F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{72E8A9BE-EB66-481B-88E2-90D5E2E8A03F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B4488FB-274D-4D9C-9CEC-916DFDE7AE1C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A1C3F4A3-055F-405E-880B-1F9DF1D85D28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AFC9FBA0-E197-4793-B89B-9B2C58400E5B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{B8AFA463-8945-4119-BFE0-08C2CAB54031}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1E6C5E3-63F0-4390-9BDD-5A771F6AABA1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E67AC286-184A-4EAD-861E-FEA816AE06EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA607723-BEC1-4914-92D9-7366D263B1BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC9B4819-A755-4F2E-8904-938EAA05BBD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EE36251C-B16B-403B-935B-E957A6873A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE33CD58-F2C6-4A18-9B8D-50DAF29E755B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{82613EB5-003B-4792-95EB-3F443AE78D25}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{844A298E-ADAC-49E2-B2C0-7A935881314F}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{99AFCC09-E3B4-426E-A97D-8482BD661F67}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{AADCE6FD-432B-4A00-A5B5-A41B4365902D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{04D77BD1-6365-4413-B853-2E307C571D85}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{C6DADD95-FD33-4C08-AA60-04DEFA73366D}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{D14CA9C8-03A2-45AC-8DB1-916F43216DCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F25C1016-C55F-4F37-A674-026CFAFB8B7B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All
"{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{11A292E3-E60B-1335-C4F8-92F1841725D6}" = CCC Help Greek
"{12CB7D4B-F29B-08D3-B305-3C3163F11E6D}" = CCC Help Finnish
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22A0602D-A83C-14A7-A09B-F3E13044D395}" = CCC Help Turkish
"{22E05721-B122-F1A6-7EB2-3A61CA382464}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{32BA6FBB-C948-F45E-934C-5CC049D16263}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35767883-90A2-B69B-E128-2912DD65CA09}" = CCC Help Dutch
"{386AB6EF-B693-C15B-52F5-88BDC6B8291E}" = CCC Help Danish
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40138968-506D-15D7-B6DD-059C06EA2682}" = CCC Help Chinese Standard
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6905AAF7-2EEA-4BC0-A429-9A6FB75D57BF}" = Windows Live Family Safety
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74BB27FA-63B9-DE85-04CB-69D51FF14AD6}" = CCC Help Chinese Traditional
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88F66BC2-87E5-53F8-48DD-728501B98181}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC72EF6-1EB6-610C-6CAB-709718CD2132}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D9F86BB-E232-AC3B-8705-146AC303F636}" = CCC Help Polish
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA3F9FB3-20DF-8CAA-919A-F507FCAA9AB9}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B1F7BB94-BE89-92DF-4736-D94A13E32622}" = CCC Help Swedish
"{BA592980-D2D8-74B9-D9B0-84FB947F8DC9}" = CCC Help Portuguese
"{BAFCE6EC-1BED-0644-4AE0-0827D3A5BF2D}" = CCC Help Russian
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CDC9CB03-079E-D721-4210-0CD5AE082A1B}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE5D7C38-92A7-675C-A49E-1B4F3D945AFE}" = CCC Help French
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2E654A9-FF43-C395-2673-1385B493C574}" = CCC Help Korean
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E600853D-6991-2174-0826-F0DE7E024602}" = CCC Help Spanish
"{E735A4C4-F4E0-0BA6-288F-C792BD8969B1}" = CCC Help Norwegian
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{EEA93FD7-132D-2968-9478-D84CAAF3FAD5}" = CCC Help Czech
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"uTorrent" = µTorrent
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013-07-02 08:36:37 | Computer Name = slawek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: wmiprvse.exe, wersja: 6.1.7600.16385,
 sygnatura czasowa: 0x4a5bc39a  Nazwa modułu powodującego błąd: ntdll.dll, wersja:
 6.1.7600.16915, sygnatura czasowa: 0x4ec49caf  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x000000a2  Identyfikator procesu powodującego błąd: 0x198c  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01ce7720c1b690e2  Ścieżka aplikacji powodującej błąd:
 C:\Windows\system32\wbem\wmiprvse.exe  Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll
Identyfikator
 raportu: 093f1229-e314-11e2-af44-001731ce5d6e
 
Error - 2013-07-02 08:55:21 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 08:55:35 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
Error - 2013-07-02 08:58:04 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 08:58:20 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
Error - 2013-07-02 08:58:22 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 08:58:31 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
Error - 2013-07-02 08:58:59 | Computer Name = slawek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: MsiExec.exe, wersja: 5.0.7600.16385,
 sygnatura czasowa: 0x4a5bc3e6  Nazwa modułu powodującego błąd: ntdll.dll, wersja:
 6.1.7600.16915, sygnatura czasowa: 0x4ec49caf  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x0000003a  Identyfikator procesu powodującego błąd: 0x1154  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01ce7723c671e368  Ścieżka aplikacji powodującej błąd:
 C:\Windows\system32\MsiExec.exe  Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll
Identyfikator
 raportu: 28d53169-e317-11e2-af44-001731ce5d6e
 
Error - 2013-07-02 09:06:15 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 09:06:39 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
Error - 2013-07-02 09:06:40 | Computer Name = slawek | Source = VSS | ID = 8193
Description = 
 
Error - 2013-07-02 09:06:50 | Computer Name = slawek | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 2013-03-28 07:13:55 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 12:13:54 - Błąd podczas nawiązywania połączenia z Internetem.  12:13:54
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-03-28 08:14:12 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 13:14:12 - Błąd podczas nawiązywania połączenia z Internetem.  13:14:12
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-03-28 09:14:28 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 14:14:28 - Błąd podczas nawiązywania połączenia z Internetem.  14:14:28
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-03-28 10:14:40 | Computer Name = slawek | Source = MCUpdate | ID = 0
Description = 15:14:40 - Błąd podczas nawiązywania połączenia z Internetem.  15:14:40
 -     Nie można skontaktować się z serwerem..  
 
[ System Events ]
Error - 2013-05-18 04:22:41 | Computer Name = slawek | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 2013-05-18 04:23:03 | Computer Name = slawek | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego 
lub systemowego:   cdrom
 
Error - 2013-05-18 04:23:04 | Computer Name = slawek | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 2013-05-18 05:12:39 | Computer Name = slawek | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 2013-05-18 06:19:27 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 
0 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-05-18 06:19:27 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 
1 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 2013-05-18 06:19:51 | Computer Name = slawek | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego 
lub systemowego:   cdrom
 
Error - 2013-05-18 06:19:53 | Computer Name = slawek | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
[/log]
Zayfi

Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
O4 - HKU\S-1-5-20..\Run: [Realtek Audio Manager] "C:\ProgramData\Realtek0\xsytzecrn.exe" File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 2dd85c52-ee71-4455-acff-d27e8930d0ee File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found

:Files
C:\Users\Administrator\AppData\Roaming\tor

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:Commands
[reboot]

Click Run Fix.

After the restart, run a new OTL scan and post the report.

  • Good post 1
kuker173

OTL.txt

[log]OTL logfile created on: 2013-07-04 09:22:16 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1023,18 Mb Total Physical Memory | 564,21 Mb Available Physical Memory | 55,14% Memory free
2,46 Gb Paging File | 2,03 Gb Available in Paging File | 82,51% Paging File free
Paging file location(s): c:\pagefile.sys 1500 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 52,18 Gb Free Space | 70,03% Space Free | Partition Type: NTFS
 
Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-07-02 14:22:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg\OTL.exe
PRC - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2013-05-11 08:56:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-01-27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2013-06-12 17:05:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-25 22:51:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandadb.sys -- (androidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandnetadb.sys -- (andnetadb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013-04-27 11:03:36 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2013-01-20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011-12-15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-05-13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-05-13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-05-13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010-09-28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-08-16 06:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes,DefaultScope = {2D78A1C7-4871-48F2-B082-9A07735F22A5}
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013-04-23 21:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Dokumenty Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Wejście\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD5DEE3-DF97-4A08-8E76-7FC17215B972}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-07-02 22:12:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-07-02 15:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-07-02 15:07:26 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-07-02 15:07:14 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-07-02 15:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-07-02 14:29:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-07-02 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg
[2013-06-29 20:06:28 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\MSDCSC
[2013-06-29 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\folder name
[2013-06-29 20:06:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\RTAudioDriver0
[2013-06-29 19:32:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0
[2013-06-29 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2013-06-29 18:38:04 | 000,000,000 | ---D | C] -- C:\Fraps
[2013-06-28 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013-06-28 18:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013-06-28 18:34:19 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013-06-28 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2013-06-28 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013-06-25 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair
[2013-06-21 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013-06-19 17:07:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Roaming\bgr
[2013-06-14 11:32:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs
[2013-06-12 22:34:14 | 000,000,000 | ---D | C] -- C:\4dd0f24423193e5b8f104b3d5b3f
[2013-06-09 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LiveGBoost
[2013-06-09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\GZero
[2013-06-09 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GZero
[2013-06-09 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\GBoost
[2013-06-09 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2013-06-05 11:29:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\skróty
[2013-06-05 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Marcin
[2013-06-05 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Piotr
[2013-06-05 11:25:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Sławek
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-06-04 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013-06-04 10:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013-06-04 10:07:25 | 002,868,736 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll
[2013-06-04 10:07:25 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdW73.sys
[2013-06-04 10:07:25 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2013-06-04 10:07:25 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2013-06-04 10:07:24 | 003,105,280 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2013-06-04 10:07:24 | 000,228,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2013-06-04 10:07:24 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2013-06-04 10:07:24 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2013-06-04 10:07:24 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2013-06-04 10:07:23 | 000,536,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll
[2013-06-04 10:07:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2013-06-04 10:07:23 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe
[2013-06-04 10:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-07-04 09:26:03 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-04 09:26:03 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-04 09:20:56 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-04 09:20:48 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-07-04 09:20:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-04 09:20:23 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys
[2013-07-03 22:05:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-07-03 22:01:05 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-03 16:40:30 | 000,012,283 | ---- | M] () -- C:\Users\Administrator\Desktop\potwierdzenie (1).pdf
[2013-07-02 15:16:18 | 000,001,426 | ---- | M] () -- C:\Users\Administrator\Desktop\skaner wirusów - włączać co kilka dni !!!.lnk
[2013-07-02 15:07:03 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-07-02 15:06:59 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-07-02 15:06:56 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-07-02 15:06:56 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-07-02 14:36:41 | 000,000,842 | ---- | M] () -- C:\Windows\System32\MsiExec.RPT
[2013-07-01 16:56:29 | 000,697,988 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-07-01 16:56:29 | 000,616,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-07-01 16:56:29 | 000,135,284 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-07-01 16:56:29 | 000,106,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013-06-12 17:05:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-06-12 17:05:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-06-04 10:13:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-07-04 09:20:28 | 000,293,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-07-03 16:41:51 | 000,012,283 | ---- | C] () -- C:\Users\Administrator\Desktop\potwierdzenie (1).pdf
[2013-07-02 15:16:18 | 000,001,426 | ---- | C] () -- C:\Users\Administrator\Desktop\skaner wirusów - włączać co kilka dni !!!.lnk
[2013-07-02 14:36:41 | 000,000,842 | ---- | C] () -- C:\Windows\System32\MsiExec.RPT
[2013-06-04 10:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-06-04 10:07:24 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013-06-04 10:07:23 | 000,078,848 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2013-04-30 23:48:41 | 000,007,637 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013-04-30 23:28:48 | 000,000,640 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013-03-17 16:44:38 | 000,000,404 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-02-17 11:10:05 | 000,003,912 | ---- | C] () -- C:\Windows\System32\HideMyIpSRV.ini
[2013-02-17 11:10:05 | 000,002,096 | ---- | C] () -- C:\Windows\System32\HideMyIpSRVOff.ini
[2013-02-03 22:47:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013-02-03 22:47:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013-02-03 22:47:35 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013-02-03 22:47:32 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013-02-03 22:47:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013-01-27 18:20:16 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT
[2013-01-26 00:06:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013-01-26 00:06:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012-06-11 14:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
[/log]
Zayfi
commented

Download SystemLook > run it > paste the following into the empty window:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Click Look and post the report.

 

http://jpshortstuff.247fixes.com/SystemLook.html
