kuker173, posted July 2, 2013 (edited)

I don't keep an eye on this computer because I use a different one. The kids, aged 11 and 14, play on this one. They download Minecraft stuff and add-ons. I don't know whether it's viruses, errors from uninstalling something, or whether the (probably ten-plus-year-old?) computer has simply broken down and is fit for recycling.

Errors with files: msdcsc.exe msiexec.exe werfault.exe autoupdate.exe

Program closing: rodster bemoult dipotass

THOUSANDS of error pop-ups for a MINECRAFT game file: C:\Users\Administrator\Appdata\Roaming\folder name\filename.exe

OTL.txt

[log]OTL logfile created on: 2013-07-02 14:23:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,18 Mb Total Physical Memory | 305,85 Mb Available Physical Memory | 29,89% Memory free 2,46 Gb Paging File | 1,60 Gb Available in Paging File | 64,91% Paging File free Paging file location(s): c:\pagefile.sys 1500 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 44,87 Gb Free Space | 60,21% Space Free | Partition Type: NTFS Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-07-02 14:22:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg\OTL.exe PRC - [2013-06-15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013-05-15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2013-05-11 08:56:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013-02-27 16:38:02 | 003,233,806 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\bgr\svchost.exe PRC - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013-01-27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe PRC - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013-01-27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2013-01-04 04:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-09-28 21:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010-09-28 21:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ========== Modules (No Company Name) ========== MOD - [2013-06-15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll MOD - [2013-06-15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013-06-15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013-06-15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program 
Files\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013-06-15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll MOD - [2013-02-27 16:38:02 | 003,233,806 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\bgr\svchost.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2013-06-12 17:05:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-05-15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013-01-25 22:51:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-09-28 21:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver) DRV - [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013-04-27 11:03:36 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc) DRV - [2013-01-20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011-12-15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011-09-06 01:19:48 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb) DRV - [2011-08-17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011-08-17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011-08-17 09:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011-08-17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011-08-17 09:56:22 | 000,018,176 | 
---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011-05-13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011-05-13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011-05-13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010-12-07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010-12-07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010-12-07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010-12-07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010-09-28 22:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010-09-28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010-08-16 06:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010-08-02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes,DefaultScope = {2D78A1C7-4871-48F2-B082-9A07735F22A5} IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
[2013-04-23 21:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Dokumenty Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe () O4 - HKLM..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-20..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe () O4 - HKU\S-1-5-20..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 3b3d5601-0ac7-43f0-b86e-0af436ff8a86 File not found O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [java] C:\Users\Administrator\AppData\Roaming\Adobe\java.exe File not found O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [key name] C:\Users\Administrator\AppData\Roaming\folder name\filename.exe (Instruments) O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [LaunchPad] C:\Users\Administrator\AppData\Roaming\svchost.exe () O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [MicroUpdate] C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe () O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS\usft_ext.exe.vbs () O4 - Startup: C:\Users\Wejście\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD5DEE3-DF97-4A08-8E76-7FC17215B972}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe) - 
C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) 
- C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - 
(C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe 
(Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - 
C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27 - HKLM IFEO\hijackthis.exe: Debugger - ctdimj_.exe File not found O27 - HKLM IFEO\housecalllauncher.exe: Debugger - cphojj_.exe File not found O27 - HKLM IFEO\rstrui.exe: Debugger - odoazt_.exe File not found O27 - HKLM IFEO\spybotsd.exe: Debugger - cuznff_.exe File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\RTAudioDriver0 [2013-07-02 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg [2013-07-01 10:54:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS [2013-06-30 15:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013-06-30 15:56:33 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-06-30 15:56:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-06-30 15:56:24 | 
000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-06-30 15:56:24 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-06-30 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-06-30 15:15:37 | 000,139,264 | ---- | C] (TechSmith eeeeeeeeeeeeeeeeeeeeeeeeee) -- C:\Users\Administrator\AppData\Roaming\__0187477b.lnk [2013-06-29 20:06:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\dclogs [2013-06-29 20:06:28 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\MSDCSC [2013-06-29 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\folder name [2013-06-29 19:32:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0 [2013-06-29 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic [2013-06-29 18:38:04 | 000,000,000 | ---D | C] -- C:\Fraps [2013-06-28 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2013-06-28 18:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013-06-28 18:34:19 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013-06-28 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2013-06-28 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2013-06-25 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair [2013-06-24 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\tor [2013-06-21 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2013-06-19 17:07:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Roaming\bgr [2013-06-14 11:32:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs [2013-06-12 22:34:14 | 000,000,000 | ---D | C] -- C:\4dd0f24423193e5b8f104b3d5b3f 
[2013-06-09 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LiveGBoost [2013-06-09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\GZero [2013-06-09 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GZero [2013-06-09 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\GBoost [2013-06-09 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics [2013-06-09 12:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2013-06-09 12:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2013-06-05 11:29:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\skróty [2013-06-05 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Marcin [2013-06-05 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Piotr [2013-06-05 11:25:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Sławek [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013-06-04 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013-06-04 10:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013-06-04 10:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013-06-04 10:07:25 | 003,460,096 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll [2013-06-04 10:07:25 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll [2013-06-04 10:07:25 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) 
-- C:\Windows\System32\drivers\AtihdW73.sys [2013-06-04 10:07:25 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll [2013-06-04 10:07:25 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2013-06-04 10:07:24 | 016,201,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll [2013-06-04 10:07:24 | 006,472,192 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2013-06-04 10:07:24 | 004,077,568 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll [2013-06-04 10:07:24 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll [2013-06-04 10:07:24 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODE.exe [2013-06-04 10:07:24 | 000,228,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2013-06-04 10:07:24 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll [2013-06-04 10:07:24 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2013-06-04 10:07:24 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll [2013-06-04 10:07:24 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODCLI.exe [2013-06-04 10:07:24 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll [2013-06-04 10:07:24 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll [2013-06-04 10:07:24 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2013-06-04 10:07:24 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll [2013-06-04 10:07:23 | 004,407,808 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2013-06-04 10:07:23 | 003,953,152 | ---- | C] (ATI Technologies Inc. 
) -- C:\Windows\System32\atidxx32.dll [2013-06-04 10:07:23 | 000,536,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll [2013-06-04 10:07:23 | 000,450,560 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2013-06-04 10:07:23 | 000,380,928 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe [2013-06-04 10:07:23 | 000,241,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll [2013-06-04 10:07:23 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe [2013-06-04 10:07:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2013-06-04 10:07:23 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe [2013-06-04 10:07:23 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll [2013-06-04 10:07:23 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll [2013-06-04 10:07:23 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2013-06-04 10:07:23 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) 
-- C:\Windows\System32\ati2edxx.dll [2013-06-04 10:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net [2013-06-04 10:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net [2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU [2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SARDU [2013-06-03 22:35:02 | 000,000,000 | ---D | C] -- C:\Temp [2013-06-03 22:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp [2013-06-03 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp [2013-06-03 22:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\APN ========== Files - Modified Within 30 Days ========== [2013-07-02 14:26:28 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-07-02 14:26:28 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-07-02 14:15:39 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-07-02 14:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-07-02 14:15:04 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys [2013-07-02 13:01:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-07-02 12:05:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-07-02 09:30:17 | 000,001,149 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk [2013-07-01 16:56:29 | 000,697,988 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-07-01 16:56:29 | 000,616,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-07-01 16:56:29 | 000,135,284 | ---- | M] () -- 
C:\Windows\System32\perfc015.dat [2013-07-01 16:56:29 | 000,106,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-07-01 16:30:46 | 002,283,008 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\svchost.exe [2013-07-01 09:59:31 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-06-30 15:56:16 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-06-30 15:56:13 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-06-30 15:56:13 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-06-30 15:56:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-06-30 15:56:11 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013-06-30 15:56:11 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013-06-30 15:15:27 | 000,139,264 | ---- | M] (TechSmith eeeeeeeeeeeeeeeeeeeeeeeeee) -- C:\Users\Administrator\AppData\Roaming\__0187477b.lnk [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013-06-12 17:05:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-06-12 17:05:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-06-04 10:13:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin ========== Files Created - No Company Name ========== [2013-07-01 16:30:49 | 002,283,008 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\svchost.exe [2013-07-01 10:54:56 | 000,001,149 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk [2013-07-01 09:59:19 | 000,293,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013-06-04 10:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013-06-04 10:07:25 
| 000,614,400 | ---- | C] () -- C:\Windows\System32\atiumdva.cap [2013-06-04 10:07:24 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2013-06-04 10:07:24 | 000,022,190 | ---- | C] () -- C:\Windows\atiogl.xml [2013-06-04 10:07:24 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2013-06-04 10:07:23 | 000,078,848 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb [2013-04-30 23:48:41 | 000,007,637 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg [2013-04-30 23:28:48 | 000,000,640 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol [2013-03-17 16:44:38 | 000,000,404 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013-02-17 11:10:05 | 000,003,912 | ---- | C] () -- C:\Windows\System32\HideMyIpSRV.ini [2013-02-17 11:10:05 | 000,002,096 | ---- | C] () -- C:\Windows\System32\HideMyIpSRVOff.ini [2013-02-03 22:47:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2013-02-03 22:47:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2013-02-03 22:47:35 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2013-02-03 22:47:32 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2013-02-03 22:47:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2013-01-27 18:20:16 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT [2013-01-26 00:06:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2013-01-26 00:06:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2012-06-11 14:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe ========== ZeroAccess Check ========== [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013-06-09 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Auslogics [2013-07-01 16:30:52 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\bgr [2013-06-30 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2013-07-01 10:01:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dclogs [2013-06-29 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\folder name [2013-06-30 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GZero [2013-05-08 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView [2013-05-16 09:47:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient [2013-05-01 12:26:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org [2013-05-27 15:35:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skyz [2013-07-02 13:18:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent [2013-07-01 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS [2013-05-31 21:47:52 | 000,000,000 | ---D | M] -- 
C:\Users\Wejście\AppData\Roaming\.minecraft [2013-05-05 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\Audacity [2013-07-02 09:39:49 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\dclogs [2013-07-01 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\folder name [2013-05-08 18:27:09 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\IrfanView [2013-05-20 17:03:01 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\LolClient [2013-05-02 09:45:48 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\OpenOffice.org [2013-05-02 11:12:52 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\Thinstall [2013-05-17 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\uTorrent [2013-07-02 12:12:10 | 000,000,000 | ---D | M] -- C:\Users\Wejście\AppData\Roaming\WindowsLogonSSS ========== Purity Check ========== ========== Custom Scans ========== < > [2009-07-14 06:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009-07-14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2013-01-24 22:03:13 | 000,000,930 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013-01-24 22:45:34 | 000,001,032 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013-01-24 22:45:35 | 000,001,036 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < C:\*.* > [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2013-01-20 11:51:01 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK [2013-01-24 21:44:42 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2013-01-24 21:44:43 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013-07-02 14:15:04 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys [2012-10-05 
17:55:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012-10-05 17:55:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2013-07-02 14:15:05 | 1572,864,000 | -HS- | M] () -- C:\pagefile.sys < D:\*.* > < E:\*.* > < F:\*.* > < G:\*.* > < H:\*.* > < %ALLUSERSPROFILE%\Application Data\*. > < %APPDATA%\*. > [2013-06-30 20:00:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe [2013-06-04 10:13:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI [2013-06-09 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Auslogics [2013-07-01 16:30:52 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\bgr [2013-06-30 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2013-07-01 10:01:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dclogs [2013-06-29 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\folder name [2013-06-30 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GZero [2013-04-30 23:28:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities [2013-05-08 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView [2013-05-16 09:47:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient [2013-04-13 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2013-05-01 15:59:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2009-07-14 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs [2013-06-30 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic [2013-06-30 15:15:47 | 000,000,000 | --SD | M] -- 
C:\Users\Administrator\AppData\Roaming\Microsoft [2013-05-01 12:26:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org [2013-06-30 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype [2013-05-27 15:35:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skyz [2013-07-02 14:21:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\tor [2013-07-02 13:18:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent [2013-07-01 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS [2013-05-01 09:28:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR < %SYSTEMDRIVE%\*. /mp /s > < MD5 for: AGP440.SYS > [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: BEEP.SYS > [2009-07-14 01:45:01 | 000,006,144 
| ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys < MD5 for: EXPLORER.EXE > [2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: NTFS.SYS > [2012-08-31 19:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) MD5=0D87503986BB3DFED58E343FE39DDE13 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys [2011-03-11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys [2009-07-14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys [2012-08-31 19:21:56 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=5126C5402C730C2A953275D8497A4715 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17119_none_a69715e87e02f01c\ntfs.sys [2013-04-12 15:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_a870a63a7b333f99\ntfs.sys [2012-08-31 19:20:14 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=72D1BB12770F86033C73E288CD8E3869 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21316_none_a71db3bb97234108\ntfs.sys [2013-03-02 07:01:18 | 001,211,240 | ---- | M] (Microsoft Corporation) 
MD5=76371F9D9FCDE3ACDFEC3D7C3E585FB5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21483_none_a6cf054f975eb5c1\ntfs.sys [2011-03-11 07:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys [2013-03-02 07:07:36 | 001,212,264 | ---- | M] (Microsoft Corporation) MD5=9CDAEBE5160B9AF02AE17C62BDB6C4B5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18106_none_a88545c87b23ee60\ntfs.sys [2013-03-02 07:09:19 | 001,210,712 | ---- | M] (Microsoft Corporation) MD5=A458A5F7FD79C477D40ED42CF5A230CB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17267_none_a65f079e7e2d464a\ntfs.sys [2013-04-12 15:53:03 | 001,213,288 | ---- | M] (Microsoft Corporation) MD5=A543D7FD38F51123CA6B8B4722E4D322 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_a8ae93919489a2fa\ntfs.sys [2011-03-11 07:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys [2013-04-12 15:58:11 | 001,210,728 | ---- | M] (Microsoft Corporation) MD5=A8F59428E9F361C7AC42A94AC1560BC9 -- C:\Windows\System32\drivers\ntfs.sys [2013-04-12 15:58:11 | 001,210,728 | ---- | M] (Microsoft Corporation) MD5=A8F59428E9F361C7AC42A94AC1560BC9 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17281_none_a643660a7e42e622\ntfs.sys [2013-03-02 06:30:20 | 001,213,272 | ---- | M] (Microsoft Corporation) MD5=BDC9CE1B497B6C266ED70E3D34184F40 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22272_none_a8bf31f7947dec65\ntfs.sys [2011-03-11 07:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- 
C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys [2013-04-12 17:59:24 | 001,211,240 | ---- | M] (Microsoft Corporation) MD5=E3B53A54A7AF3B3098701783BA15FF75 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21499_none_a6ca371f976169bc\ntfs.sys [2012-08-31 19:01:43 | 001,212,272 | ---- | M] (Microsoft Corporation) MD5=E6C295C6F8E639957235FEE1D95077F4 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90ce01994435e55\ntfs.sys < MD5 for: SVCHOST.EXE > [2013-07-01 16:30:46 | 002,283,008 | ---- | M] () MD5=1DFD424B0889782D58085260FD28BEFB -- C:\Users\Administrator\AppData\Roaming\svchost.exe [2013-02-27 16:38:02 | 003,233,806 | ---- | M] () MD5=506B0B498216371D64ABB69145B70E4C -- C:\Users\Administrator\AppData\Roaming\bgr\svchost.exe [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe < MD5 for: USERINIT.EXE > [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009-10-28 08:17:59 | 000,285,696 | ---- 
| M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < %systemroot%\system32\ws2_32.dll /md5 > [2009-07-14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\system32\ws2_32.dll < %systemroot%\system32\kernel32.dll /md5 > [2013-01-04 06:46:33 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=A2CB61B68566F6DB067607273119D27B -- C:\Windows\system32\kernel32.dll < %systemroot%\system32\user32.dll /md5 > [2009-07-14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\system32\user32.dll < %systemroot%\Tasks\*.* /lockedfiles > [2013-05-18 20:54:21 | 000,032,608 | ---- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Restore Points Found ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Users\All Users] -> -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\Users\All Users\TEMP:373E1720 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > [/log] Extras.txt [log]OTL Extras logfile created on: 2013-07-02 14:23:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = 
C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,18 Mb Total Physical Memory | 305,85 Mb Available Physical Memory | 29,89% Memory free 2,46 Gb Paging File | 1,60 Gb Available in Paging File | 64,91% Paging File free Paging file location(s): c:\pagefile.sys 1500 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 44,87 Gb Free Space | 60,21% Space Free | Partition Type: NTFS Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .reg [@ = regfile] -- regedit.exe "%1" [HKEY_USERS\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04AEC6CB-866D-4097-823D-96E881B37035}" = rport=137 | protocol=17 | dir=out | app=system | "{04F63EA0-D4F2-4BD6-B8C8-BB0D4A090B3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{06A16589-CF67-42C4-B414-32E8DE938EB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{33CDCD12-BCBD-4C9E-949D-74C24D2C464B}" = lport=138 | protocol=17 | dir=in | app=system | "{4119D5CD-156E-4600-89C1-82CB3D819187}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D42F7A4-12A5-40E3-9415-7A9776218D4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5AFA8619-C77C-4E87-BACB-66D7F17401C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B7EA441-CCC0-4C5E-8522-92B6D32762DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{628B541A-D34D-4C27-8661-9B6DE814E04D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6399F48A-C696-43C8-8C1D-961C77F050C3}" = rport=445 | protocol=6 | dir=out | app=system | "{68012F0C-C6F7-4E66-BEE8-94097C8C0571}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6AA7448F-5E0E-4980-BE81-DB2C7AA3E9CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{733BB00D-5238-40E3-A674-746C530BFF68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7BD56393-8741-4918-B3F3-54A4FC6B37CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E66F4E0-9011-4A11-804F-922DCC79CAFA}" = rport=10243 | protocol=6 | dir=out | app=system | "{88F40FC8-19BE-4D82-9739-98B52CD3CDF5}" = lport=10243 | protocol=6 | dir=in 
| app=system | "{9A55525B-42F4-480A-8635-C7B6FF26976F}" = rport=139 | protocol=6 | dir=out | app=system | "{A8F83C7C-2485-45D1-8FEC-37015F13CC28}" = lport=139 | protocol=6 | dir=in | app=system | "{AE2787A8-073C-45A4-BB9C-A7C7D746D73C}" = lport=2869 | protocol=6 | dir=in | app=system | "{B0D72FA3-BFD4-46FD-94C7-55E62572E4D9}" = lport=445 | protocol=6 | dir=in | app=system | "{B66FA298-B07D-4E87-87A3-F3772FF1973B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B95D20D4-8C9F-42F4-8494-25C056A42576}" = rport=138 | protocol=17 | dir=out | app=system | "{BEE6CA3F-29DB-420E-9C3A-C4BA8328B1A7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | "{D3BB52CB-74C0-460C-B628-9F2177EEDA57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D51E6094-735A-4A7A-A81A-BDB78CABCE10}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | "{D7014FA5-41B7-4C35-8284-BDBB2A5C0FA4}" = lport=137 | protocol=17 | dir=in | app=system | "{D74B3DCA-09E8-4B6A-AC5A-F3C3CB471E89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07F3559C-4B03-4894-9DA4-415297233014}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{0F464F42-FCF2-4B09-9EC3-DA4BCA2DAAC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{17325361-6686-48A4-97DC-449A26A61DF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{32AFC82C-EAED-4B67-968B-6EB7EB38CDCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{32BEEE98-3518-4E9D-9EE7-85B677045211}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | 
"{4D45B7B9-5929-4B07-8FDF-950E0D05F029}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | "{58FCF44F-0920-475C-B3F8-0741F03BA527}" = protocol=6 | dir=out | app=system | "{5D416532-7730-4273-9BD6-90E90C5D2C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DEE1A47-B5A7-45D0-8F54-1FEA96B96D97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6958EFD7-65DF-4B22-94B1-AD7534BBBC93}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7256CF18-EFD2-49F3-8D19-F1A41E33A1F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{72E8A9BE-EB66-481B-88E2-90D5E2E8A03F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B4488FB-274D-4D9C-9CEC-916DFDE7AE1C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A1C3F4A3-055F-405E-880B-1F9DF1D85D28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AFC9FBA0-E197-4793-B89B-9B2C58400E5B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{B8AFA463-8945-4119-BFE0-08C2CAB54031}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1E6C5E3-63F0-4390-9BDD-5A771F6AABA1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E67AC286-184A-4EAD-861E-FEA816AE06EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA607723-BEC1-4914-92D9-7366D263B1BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EC9B4819-A755-4F2E-8904-938EAA05BBD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EE36251C-B16B-403B-935B-E957A6873A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FE33CD58-F2C6-4A18-9B8D-50DAF29E755B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{82613EB5-003B-4792-95EB-3F443AE78D25}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | 
app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{844A298E-ADAC-49E2-B2C0-7A935881314F}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{99AFCC09-E3B4-426E-A97D-8482BD661F67}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{AADCE6FD-432B-4A00-A5B5-A41B4365902D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{04D77BD1-6365-4413-B853-2E307C571D85}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{C6DADD95-FD33-4C08-AA60-04DEFA73366D}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{D14CA9C8-03A2-45AC-8DB1-916F43216DCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F25C1016-C55F-4F37-A674-026CFAFB8B7B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All "{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{11A292E3-E60B-1335-C4F8-92F1841725D6}" = CCC Help Greek "{12CB7D4B-F29B-08D3-B305-3C3163F11E6D}" = CCC Help Finnish "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{22A0602D-A83C-14A7-A09B-F3E13044D395}" = CCC Help Turkish "{22E05721-B122-F1A6-7EB2-3A61CA382464}" = ccc-utility "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{32BA6FBB-C948-F45E-934C-5CC049D16263}" = CCC Help Hungarian "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35767883-90A2-B69B-E128-2912DD65CA09}" = CCC Help Dutch "{386AB6EF-B693-C15B-52F5-88BDC6B8291E}" = CCC Help Danish "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40138968-506D-15D7-B6DD-059C06EA2682}" = CCC Help Chinese Standard "{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6905AAF7-2EEA-4BC0-A429-9A6FB75D57BF}" = Windows Live Family Safety "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74BB27FA-63B9-DE85-04CB-69D51FF14AD6}" = CCC Help Chinese Traditional 
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{865F8014-4DED-B63D-832A-3FB08FC38479}" = ATI Catalyst Install Manager "{88F66BC2-87E5-53F8-48DD-728501B98181}" = CCC Help Thai "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DC72EF6-1EB6-610C-6CAB-709718CD2132}" = CCC Help English "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D9F86BB-E232-AC3B-8705-146AC303F636}" = CCC Help Polish "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA3F9FB3-20DF-8CAA-919A-F507FCAA9AB9}" = CCC Help Japanese "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B1F7BB94-BE89-92DF-4736-D94A13E32622}" = CCC Help Swedish "{B76E1251-5ACA-AAB7-518D-17DC63282D23}" = Catalyst Control Center InstallProxy "{BA592980-D2D8-74B9-D9B0-84FB947F8DC9}" = CCC Help Portuguese "{BAFCE6EC-1BED-0644-4AE0-0827D3A5BF2D}" = CCC Help Russian "{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh 
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CDC9CB03-079E-D721-4210-0CD5AE082A1B}" = CCC Help Italian "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DE5D7C38-92A7-675C-A49E-1B4F3D945AFE}" = CCC Help French "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2E654A9-FF43-C395-2673-1385B493C574}" = CCC Help Korean "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E600853D-6991-2174-0826-F0DE7E024602}" = CCC Help Spanish "{E735A4C4-F4E0-0BA6-288F-C792BD8969B1}" = CCC Help Norwegian "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{EEA93FD7-132D-2968-9478-D84CAAF3FAD5}" = CCC Help Czech "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "EPSON Printer and Utilities" = EPSON Printer Software "Google Chrome" = Google Chrome "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "uTorrent" = µTorrent "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = WinRAR 4.20 (32-bitowy) [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-07-02 08:18:12 | Computer Name = slawek | Source = Application Error | ID = 1005 
Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku. System Windows zamknął program Rodster' bemoult dipotass z powodu tego błędu. Program: Rodster' bemoult dipotass Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. 
Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0 Error - 2013-07-02 08:18:14 | Computer Name = slawek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: msdcsc.exe, wersja: 7.8.0.6, sygnatura czasowa: 0x51a689ef Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x76deffdb Identyfikator procesu powodującego błąd: 0xec0 Godzina uruchomienia aplikacji powodującej błąd: 0x01ce771ddd7b286f Ścieżka aplikacji powodującej błąd: C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 77354b6c-e311-11e2-af44-001731ce5d6e Error - 2013-07-02 08:21:35 | Computer Name = slawek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: jusched.exe, wersja: 2.1.9.4, sygnatura czasowa: 0x513f4a9a Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x01a92972 Identyfikator procesu powodującego błąd: 0x3d0 Godzina uruchomienia aplikacji powodującej błąd: 0x01ce771dfbce111f Ścieżka aplikacji powodującej błąd: C:\Program Files\Common Files\Java\Java Update\jusched.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: ef1f5368-e311-11e2-af44-001731ce5d6e Error - 2013-07-02 08:26:13 | Computer Name = slawek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MpCmdRun.exe, wersja: 4.2.223.0, sygnatura czasowa: 0x51020955 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16915, sygnatura czasowa: 0x4ec49caf Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000033 Identyfikator procesu powodującego błąd: 0x1c88 Godzina uruchomienia aplikacji powodującej błąd: 0x01ce771f456a2098 Ścieżka aplikacji powodującej błąd: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Ścieżka modułu powodującego błąd: 
C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 95493940-e312-11e2-af44-001731ce5d6e Error - 2013-07-02 08:28:40 | Computer Name = slawek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: RunDll32.exe_WerConCpl.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc637 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x03d22972 Identyfikator procesu powodującego błąd: 0x35c8 Godzina uruchomienia aplikacji powodującej błąd: 0x01ce771fa4bd29b8 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\RunDll32.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: ec83f46d-e312-11e2-af44-001731ce5d6e Error - 2013-07-02 08:30:56 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 08:31:05 | Computer Name = slawek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: iexplore.exe, wersja: 9.0.8112.16457, sygnatura czasowa: 0x50a2f9e3 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16915, sygnatura czasowa: 0x4ec49caf Kod wyjątku: 0xc0000024 Przesunięcie błędu: 0x0007f2ca Identyfikator procesu powodującego błąd: 0x1544 Godzina uruchomienia aplikacji powodującej błąd: 0x01ce771e0d34526e Ścieżka aplikacji powodującej błąd: C:\Program Files\Internet Explorer\iexplore.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 42fec24d-e313-11e2-af44-001731ce5d6e Error - 2013-07-02 08:31:16 | Computer Name = slawek | Source = System Restore | ID = 8193 Description = Error - 2013-07-02 08:31:17 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 08:31:29 | Computer Name = slawek | Source = System Restore | ID = 8193 Description = Error - 2013-07-02 08:32:15 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 08:32:28 | Computer Name = slawek | Source = System 
Restore | ID = 8193 Description = [ Media Center Events ] Error - 2013-03-28 07:13:55 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 12:13:54 - Błąd podczas nawiązywania połączenia z Internetem. 12:13:54 - Nie można skontaktować się z serwerem.. Error - 2013-03-28 08:14:12 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 13:14:12 - Błąd podczas nawiązywania połączenia z Internetem. 13:14:12 - Nie można skontaktować się z serwerem.. Error - 2013-03-28 09:14:28 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 14:14:28 - Błąd podczas nawiązywania połączenia z Internetem. 14:14:28 - Nie można skontaktować się z serwerem.. Error - 2013-03-28 10:14:40 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 15:14:40 - Błąd podczas nawiązywania połączenia z Internetem. 15:14:40 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2013-05-18 06:19:27 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 1 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. 
Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 43029 Description = Display is not active Error - 2013-05-18 06:19:51 | Computer Name = slawek | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2013-05-18 06:19:53 | Computer Name = slawek | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2013-05-18 14:54:19 | Computer Name = slawek | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 20:52:41 na ?2013-?05-?18 było nieoczekiwane. Error - 2013-05-18 14:54:10 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 0 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-05-18 14:54:10 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 1 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-05-18 14:54:14 | Computer Name = slawek | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 2013-05-18 14:54:14 | Computer Name = slawek | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > [/log]
Zayfi commented 2 July 2013
Run OTL and paste the following into the Custom scan options/script box:
:OTL O4 - HKLM..\Run: [Realtek Audio Manager] C:\ProgramData\Realtek0\xsytzecrn.exe () O4 - HKLM..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found O4 - HKU\S-1-5-20..\Run: [RTAudioDriver] "C:\ProgramData\RTAudioDriver0\zpyemhvct.exe" File not found O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 3b3d5601-0ac7-43f0-b86e-0af436ff8a86 File not found O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [java] C:\Users\Administrator\AppData\Roaming\Adobe\java.exe File not found O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [key name] C:\Users\Administrator\AppData\Roaming\folder name\filename.exe (Instruments) O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [LaunchPad] C:\Users\Administrator\AppData\Roaming\svchost.exe () O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [MicroUpdate] C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - 
C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - 
(C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe 
(Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - 
C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - 
(C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe 
(Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - 
C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - 
(C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe 
(Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - 
C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - 
(C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe) - C:\Users\Administrator\Documents\MSDCSC\MqbugC68LEsh\MqbugC68LEsh\msdcsc.exe (Instruments) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found :Files C:\Users\Administrator\AppData\Roaming\WindowsLogonSSS C:\Users\Administrator\AppData\Roaming\svchost.exe C:\Users\Administrator\AppData\Roaming\__0187477b.lnk :Commands [emptytemp]
Click Run script.
2. Run a new OTL scan and post the report.
Zayfi commented 2 July 2013
Do not paste any scripts into the OTL scan for me. Set all sections to use filtering > all users, and that is all > click Scan.
kuker173 (Author) commented 2 July 2013 (edited)
OTL.txt: [log]OTL logfile created on: 2013-07-02 16:17:31 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,18 Mb Total Physical Memory | 297,86 Mb Available Physical Memory | 29,11% Memory free 2,46 Gb Paging File | 1,69 Gb Available in Paging File | 68,71% Paging File free Paging file location(s): c:\pagefile.sys 1500 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 51,97 Gb Free Space | 69,74% Space Free | Partition Type: NTFS Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-07-02 14:22:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg\OTL.exe PRC - [2013-06-15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013-05-11 08:56:21 | 000,216,968 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013-01-27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ========== Modules (No Company Name) ========== MOD - [2013-06-15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll MOD - [2013-06-15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll MOD - [2013-06-15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013-06-15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013-06-15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013-06-15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2013-06-12 
17:05:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013-01-25 22:51:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandadb.sys -- (androidusb) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandnetadb.sys -- (andnetadb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus) DRV - [2013-07-02 15:40:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80C8F5CE-189C-4B14-A51B-9F8A506CE6F1}\MpKsl47e48fd3.sys -- (MpKsl47e48fd3) DRV - [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013-04-27 11:03:36 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc) DRV - [2013-01-20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011-12-15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011-05-13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011-05-13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011-05-13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010-09-28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010-08-16 06:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes,DefaultScope = {2D78A1C7-4871-48F2-B082-9A07735F22A5} IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
[2013-04-23 21:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Dokumenty Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Realtek Audio Manager] "C:\ProgramData\Realtek0\xsytzecrn.exe" File not found O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 2dd85c52-ee71-4455-acff-d27e8930d0ee File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Wejście\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD5DEE3-DF97-4A08-8E76-7FC17215B972}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-07-02 15:22:16 | 000,000,000 | ---D | C] -- C:\_OTL [2013-07-02 15:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013-07-02 15:07:26 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-07-02 15:07:14 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-07-02 15:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-07-02 14:29:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-07-02 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg [2013-06-29 20:06:28 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\MSDCSC [2013-06-29 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\folder name [2013-06-29 20:06:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\RTAudioDriver0 [2013-06-29 19:32:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0 [2013-06-29 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic [2013-06-29 18:38:04 | 000,000,000 | ---D | C] -- C:\Fraps [2013-06-28 
18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2013-06-28 18:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013-06-28 18:34:19 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013-06-28 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2013-06-28 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2013-06-25 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair [2013-06-24 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\tor [2013-06-21 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2013-06-19 17:07:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Roaming\bgr [2013-06-14 11:32:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs [2013-06-12 22:34:14 | 000,000,000 | ---D | C] -- C:\4dd0f24423193e5b8f104b3d5b3f [2013-06-09 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LiveGBoost [2013-06-09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\GZero [2013-06-09 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GZero [2013-06-09 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\GBoost [2013-06-09 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics [2013-06-05 11:29:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\skróty [2013-06-05 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Marcin [2013-06-05 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Piotr [2013-06-05 11:25:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Sławek [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- 
C:\Users\Administrator\AppData\Local\ATI [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013-06-04 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013-06-04 10:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013-06-04 10:07:25 | 002,868,736 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll [2013-06-04 10:07:25 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdW73.sys [2013-06-04 10:07:25 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll [2013-06-04 10:07:25 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2013-06-04 10:07:24 | 003,105,280 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll [2013-06-04 10:07:24 | 000,228,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2013-06-04 10:07:24 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll [2013-06-04 10:07:24 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll [2013-06-04 10:07:24 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2013-06-04 10:07:23 | 000,536,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll [2013-06-04 10:07:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2013-06-04 10:07:23 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\System32\atibtmon.exe [2013-06-04 10:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net [2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU [2013-06-03 22:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SARDU [2013-06-03 22:35:02 | 000,000,000 | ---D | C] -- C:\Temp [2013-06-03 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp [2013-06-03 22:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\APN ========== Files - Modified Within 30 Days ========== [2013-07-02 16:18:39 | 000,032,215 | ---- | M] () -- C:\Users\Administrator\Desktop\5.png [2013-07-02 16:05:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-07-02 16:01:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-07-02 15:44:56 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-07-02 15:44:56 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-07-02 15:43:26 | 000,149,749 | ---- | M] () -- C:\Users\Administrator\Desktop\4.png [2013-07-02 15:39:54 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-07-02 15:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-07-02 15:39:35 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys [2013-07-02 15:24:56 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-07-02 15:19:57 | 000,127,688 | ---- | M] () -- C:\Users\Administrator\Desktop\3.png [2013-07-02 15:19:33 | 000,117,925 | ---- | M] () -- C:\Users\Administrator\Desktop\1.png [2013-07-02 15:19:19 | 000,127,832 | ---- | M] () -- C:\Users\Administrator\Desktop\2.png [2013-07-02 15:16:18 | 000,001,426 | ---- | M] () -- C:\Users\Administrator\Desktop\skaner 
wirusów - włączać co kilka dni !!!.lnk [2013-07-02 15:07:03 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-07-02 15:06:59 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-07-02 15:06:56 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013-07-02 15:06:56 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013-07-02 14:36:41 | 000,000,842 | ---- | M] () -- C:\Windows\System32\MsiExec.RPT [2013-07-01 16:56:29 | 000,697,988 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-07-01 16:56:29 | 000,616,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-07-01 16:56:29 | 000,135,284 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-07-01 16:56:29 | 000,106,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013-06-12 17:05:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-06-12 17:05:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-06-04 10:13:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin ========== Files Created - No Company Name ========== [2013-07-02 16:18:38 | 000,032,215 | ---- | C] () -- C:\Users\Administrator\Desktop\5.png [2013-07-02 15:43:26 | 000,149,749 | ---- | C] () -- C:\Users\Administrator\Desktop\4.png [2013-07-02 15:24:43 | 000,293,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013-07-02 15:19:57 | 000,127,688 | ---- | C] () -- C:\Users\Administrator\Desktop\3.png [2013-07-02 15:19:19 | 000,127,832 | ---- | C] () -- 
C:\Users\Administrator\Desktop\2.png [2013-07-02 15:18:21 | 000,117,925 | ---- | C] () -- C:\Users\Administrator\Desktop\1.png [2013-07-02 15:16:18 | 000,001,426 | ---- | C] () -- C:\Users\Administrator\Desktop\skaner wirusów - włączać co kilka dni !!!.lnk [2013-07-02 14:36:41 | 000,000,842 | ---- | C] () -- C:\Windows\System32\MsiExec.RPT [2013-06-04 10:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013-06-04 10:07:24 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2013-06-04 10:07:23 | 000,078,848 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb [2013-04-30 23:48:41 | 000,007,637 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg [2013-04-30 23:28:48 | 000,000,640 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol [2013-03-17 16:44:38 | 000,000,404 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013-02-17 11:10:05 | 000,003,912 | ---- | C] () -- C:\Windows\System32\HideMyIpSRV.ini [2013-02-17 11:10:05 | 000,002,096 | ---- | C] () -- C:\Windows\System32\HideMyIpSRVOff.ini [2013-02-03 22:47:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2013-02-03 22:47:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2013-02-03 22:47:35 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2013-02-03 22:47:32 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2013-02-03 22:47:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2013-01-27 18:20:16 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT [2013-01-26 00:06:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2013-01-26 00:06:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2012-06-11 14:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe ========== ZeroAccess Check ========== [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > [/log]
Some kind of hotlinking ban popped up, so I packed everything into an archive (screenshot no. 5 shows the method and settings of the last OTL scan): http://www.speedyshare.com/HaTGK/printscr.rar
Extras.txt [log]OTL Extras logfile created on: 2013-07-02 16:17:31 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,18 Mb Total Physical Memory | 297,86 Mb Available Physical Memory | 29,11% Memory free 2,46 Gb Paging File | 1,69 Gb Available in Paging File | 68,71% Paging File free Paging file location(s): c:\pagefile.sys 1500 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 51,97 Gb Free Space | 69,74% Space Free | Partition Type: NTFS Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .reg [@ = regfile] -- regedit.exe "%1" [HKEY_USERS\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04AEC6CB-866D-4097-823D-96E881B37035}" = rport=137 | protocol=17 | dir=out | app=system | "{04F63EA0-D4F2-4BD6-B8C8-BB0D4A090B3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{06A16589-CF67-42C4-B414-32E8DE938EB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{33CDCD12-BCBD-4C9E-949D-74C24D2C464B}" = lport=138 | protocol=17 | dir=in | app=system | "{4119D5CD-156E-4600-89C1-82CB3D819187}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D42F7A4-12A5-40E3-9415-7A9776218D4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5AFA8619-C77C-4E87-BACB-66D7F17401C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B7EA441-CCC0-4C5E-8522-92B6D32762DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{628B541A-D34D-4C27-8661-9B6DE814E04D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6399F48A-C696-43C8-8C1D-961C77F050C3}" = rport=445 | protocol=6 | dir=out | app=system | "{68012F0C-C6F7-4E66-BEE8-94097C8C0571}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6AA7448F-5E0E-4980-BE81-DB2C7AA3E9CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{733BB00D-5238-40E3-A674-746C530BFF68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7BD56393-8741-4918-B3F3-54A4FC6B37CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E66F4E0-9011-4A11-804F-922DCC79CAFA}" = rport=10243 | protocol=6 | dir=out | app=system | "{88F40FC8-19BE-4D82-9739-98B52CD3CDF5}" = lport=10243 | 
protocol=6 | dir=in | app=system | "{9A55525B-42F4-480A-8635-C7B6FF26976F}" = rport=139 | protocol=6 | dir=out | app=system | "{A8F83C7C-2485-45D1-8FEC-37015F13CC28}" = lport=139 | protocol=6 | dir=in | app=system | "{AE2787A8-073C-45A4-BB9C-A7C7D746D73C}" = lport=2869 | protocol=6 | dir=in | app=system | "{B0D72FA3-BFD4-46FD-94C7-55E62572E4D9}" = lport=445 | protocol=6 | dir=in | app=system | "{B66FA298-B07D-4E87-87A3-F3772FF1973B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B95D20D4-8C9F-42F4-8494-25C056A42576}" = rport=138 | protocol=17 | dir=out | app=system | "{BEE6CA3F-29DB-420E-9C3A-C4BA8328B1A7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | "{D3BB52CB-74C0-460C-B628-9F2177EEDA57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D51E6094-735A-4A7A-A81A-BDB78CABCE10}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | "{D7014FA5-41B7-4C35-8284-BDBB2A5C0FA4}" = lport=137 | protocol=17 | dir=in | app=system | "{D74B3DCA-09E8-4B6A-AC5A-F3C3CB471E89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07F3559C-4B03-4894-9DA4-415297233014}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{0F464F42-FCF2-4B09-9EC3-DA4BCA2DAAC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{17325361-6686-48A4-97DC-449A26A61DF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{32AFC82C-EAED-4B67-968B-6EB7EB38CDCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{32BEEE98-3518-4E9D-9EE7-85B677045211}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | 
"{4D45B7B9-5929-4B07-8FDF-950E0D05F029}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe | "{58FCF44F-0920-475C-B3F8-0741F03BA527}" = protocol=6 | dir=out | app=system | "{5D416532-7730-4273-9BD6-90E90C5D2C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DEE1A47-B5A7-45D0-8F54-1FEA96B96D97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6958EFD7-65DF-4B22-94B1-AD7534BBBC93}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7256CF18-EFD2-49F3-8D19-F1A41E33A1F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{72E8A9BE-EB66-481B-88E2-90D5E2E8A03F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B4488FB-274D-4D9C-9CEC-916DFDE7AE1C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A1C3F4A3-055F-405E-880B-1F9DF1D85D28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AFC9FBA0-E197-4793-B89B-9B2C58400E5B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{B8AFA463-8945-4119-BFE0-08C2CAB54031}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1E6C5E3-63F0-4390-9BDD-5A771F6AABA1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E67AC286-184A-4EAD-861E-FEA816AE06EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA607723-BEC1-4914-92D9-7366D263B1BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EC9B4819-A755-4F2E-8904-938EAA05BBD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EE36251C-B16B-403B-935B-E957A6873A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FE33CD58-F2C6-4A18-9B8D-50DAF29E755B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{82613EB5-003B-4792-95EB-3F443AE78D25}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | 
app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{844A298E-ADAC-49E2-B2C0-7A935881314F}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{99AFCC09-E3B4-426E-A97D-8482BD661F67}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{AADCE6FD-432B-4A00-A5B5-A41B4365902D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{04D77BD1-6365-4413-B853-2E307C571D85}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{C6DADD95-FD33-4C08-AA60-04DEFA73366D}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{D14CA9C8-03A2-45AC-8DB1-916F43216DCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F25C1016-C55F-4F37-A674-026CFAFB8B7B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All "{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{11A292E3-E60B-1335-C4F8-92F1841725D6}" = CCC Help Greek "{12CB7D4B-F29B-08D3-B305-3C3163F11E6D}" = CCC Help Finnish "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{22A0602D-A83C-14A7-A09B-F3E13044D395}" = CCC Help Turkish "{22E05721-B122-F1A6-7EB2-3A61CA382464}" = ccc-utility "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{32BA6FBB-C948-F45E-934C-5CC049D16263}" = CCC Help Hungarian "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35767883-90A2-B69B-E128-2912DD65CA09}" = CCC Help Dutch "{386AB6EF-B693-C15B-52F5-88BDC6B8291E}" = CCC Help Danish "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40138968-506D-15D7-B6DD-059C06EA2682}" = CCC Help Chinese Standard "{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6905AAF7-2EEA-4BC0-A429-9A6FB75D57BF}" = Windows Live Family Safety "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74BB27FA-63B9-DE85-04CB-69D51FF14AD6}" = CCC Help Chinese Traditional 
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{88F66BC2-87E5-53F8-48DD-728501B98181}" = CCC Help Thai "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DC72EF6-1EB6-610C-6CAB-709718CD2132}" = CCC Help English "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D9F86BB-E232-AC3B-8705-146AC303F636}" = CCC Help Polish "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA3F9FB3-20DF-8CAA-919A-F507FCAA9AB9}" = CCC Help Japanese "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B1F7BB94-BE89-92DF-4736-D94A13E32622}" = CCC Help Swedish "{BA592980-D2D8-74B9-D9B0-84FB947F8DC9}" = CCC Help Portuguese "{BAFCE6EC-1BED-0644-4AE0-0827D3A5BF2D}" = CCC Help Russian "{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant 
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CDC9CB03-079E-D721-4210-0CD5AE082A1B}" = CCC Help Italian "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DE5D7C38-92A7-675C-A49E-1B4F3D945AFE}" = CCC Help French "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2E654A9-FF43-C395-2673-1385B493C574}" = CCC Help Korean "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E600853D-6991-2174-0826-F0DE7E024602}" = CCC Help Spanish "{E735A4C4-F4E0-0BA6-288F-C792BD8969B1}" = CCC Help Norwegian "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{EEA93FD7-132D-2968-9478-D84CAAF3FAD5}" = CCC Help Czech "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "EPSON Printer and Utilities" = EPSON Printer Software "Google Chrome" = Google Chrome "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "uTorrent" = µTorrent "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = WinRAR 4.20 (32-bitowy) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-07-02 08:36:37 | Computer Name = slawek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: wmiprvse.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc39a Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16915, 
sygnatura czasowa: 0x4ec49caf Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000000a2 Identyfikator procesu powodującego błąd: 0x198c Godzina uruchomienia aplikacji powodującej błąd: 0x01ce7720c1b690e2 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\wbem\wmiprvse.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 093f1229-e314-11e2-af44-001731ce5d6e Error - 2013-07-02 08:55:21 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 08:55:35 | Computer Name = slawek | Source = System Restore | ID = 8193 Description = Error - 2013-07-02 08:58:04 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 08:58:20 | Computer Name = slawek | Source = System Restore | ID = 8193 Description = Error - 2013-07-02 08:58:22 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 08:58:31 | Computer Name = slawek | Source = System Restore | ID = 8193 Description = Error - 2013-07-02 08:58:59 | Computer Name = slawek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MsiExec.exe, wersja: 5.0.7600.16385, sygnatura czasowa: 0x4a5bc3e6 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16915, sygnatura czasowa: 0x4ec49caf Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000003a Identyfikator procesu powodującego błąd: 0x1154 Godzina uruchomienia aplikacji powodującej błąd: 0x01ce7723c671e368 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\MsiExec.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 28d53169-e317-11e2-af44-001731ce5d6e Error - 2013-07-02 09:06:15 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 09:06:39 | Computer Name = slawek | Source = System Restore | ID = 8193 Description = Error - 2013-07-02 09:06:40 | Computer Name = slawek | Source = VSS | ID = 8193 Description = Error - 2013-07-02 09:06:50 | Computer 
Name = slawek | Source = System Restore | ID = 8193 Description = [ Media Center Events ] Error - 2013-03-28 07:13:55 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 12:13:54 - Błąd podczas nawiązywania połączenia z Internetem. 12:13:54 - Nie można skontaktować się z serwerem.. Error - 2013-03-28 08:14:12 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 13:14:12 - Błąd podczas nawiązywania połączenia z Internetem. 13:14:12 - Nie można skontaktować się z serwerem.. Error - 2013-03-28 09:14:28 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 14:14:28 - Błąd podczas nawiązywania połączenia z Internetem. 14:14:28 - Nie można skontaktować się z serwerem.. Error - 2013-03-28 10:14:40 | Computer Name = slawek | Source = MCUpdate | ID = 0 Description = 15:14:40 - Błąd podczas nawiązywania połączenia z Internetem. 15:14:40 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2013-05-18 04:22:41 | Computer Name = slawek | Source = atikmdag | ID = 43029 Description = Display is not active Error - 2013-05-18 04:23:03 | Computer Name = slawek | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2013-05-18 04:23:04 | Computer Name = slawek | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2013-05-18 05:12:39 | Computer Name = slawek | Source = atikmdag | ID = 43029 Description = Display is not active Error - 2013-05-18 06:19:27 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 0 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. 
Error - 2013-05-18 06:19:27 | Computer Name = slawek | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Funkcje zarządzania zasilaniem dotyczące wydajności dla procesora 1 w grupie 0 zostały wyłączone z powodu problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 2013-05-18 06:19:31 | Computer Name = slawek | Source = atikmdag | ID = 43029 Description = Display is not active Error - 2013-05-18 06:19:51 | Computer Name = slawek | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2013-05-18 06:19:53 | Computer Name = slawek | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > [/log]
Zayfi commented 2 July 2013

Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/skrypt):

:OTL
O4 - HKU\S-1-5-20..\Run: [Realtek Audio Manager] "C:\ProgramData\Realtek0\xsytzecrn.exe" File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 2dd85c52-ee71-4455-acff-d27e8930d0ee File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

:Files
C:\Users\Administrator\AppData\Roaming\tor

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:Commands
[reboot]

Click Run Fix (Wykonaj skrypt). After the restart, run a new OTL scan and post the report.
kuker173 (Author) commented 4 July 2013

Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/skrypt):

:OTL
O4 - HKU\S-1-5-20..\Run: [Realtek Audio Manager] "C:\ProgramData\Realtek0\xsytzecrn.exe" File not found
O4 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500..\Run: [GUID] 2dd85c52-ee71-4455-acff-d27e8930d0ee File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

:Files
C:\Users\Administrator\AppData\Roaming\tor

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:Commands
[reboot]

Click Run Fix (Wykonaj skrypt). After the restart, run a new OTL scan and post the report.

OTL.txt
[log]OTL logfile created on: 2013-07-04 09:22:16 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,18 Mb Total Physical Memory | 564,21 Mb Available Physical Memory | 55,14% Memory free 2,46 Gb Paging File | 2,03 Gb Available in Paging File | 82,51% Paging File free Paging file location(s): c:\pagefile.sys 1500 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 52,18 Gb Free Space | 70,03% Space Free | Partition Type: NTFS Computer Name: SLAWEK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-07-02 14:22:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg\OTL.exe PRC - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe PRC - [2013-05-11 08:56:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013-01-27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2013-06-12 17:05:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-06-03 16:21:54 
| 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-01-27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013-01-27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013-01-25 22:51:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandadb.sys -- (androidusb) DRV - File not found 
[Kernel | On_Demand | Stopped] -- System32\Drivers\lgandnetadb.sys -- (andnetadb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus) DRV - [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013-04-27 11:03:36 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc) DRV - [2013-01-20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011-12-15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011-05-13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011-05-13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011-05-13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010-09-28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010-08-16 06:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes,DefaultScope = {2D78A1C7-4871-48F2-B082-9A07735F22A5} IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\..\SearchScopes\{2D78A1C7-4871-48F2-B082-9A07735F22A5}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
[2013-04-23 21:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Dokumenty Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: 
YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Wejście\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1479647861-2200554912-3825245069-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
DontDisplayLogonHoursWarnings = 1 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD5DEE3-DF97-4A08-8E76-7FC17215B972}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-07-02 22:12:30 | 000,000,000 | ---D | C] -- C:\_OTL [2013-07-02 15:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013-07-02 15:07:26 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- 
C:\Windows\System32\javaw.exe [2013-07-02 15:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-07-02 15:07:14 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-07-02 15:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-07-02 14:29:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-07-02 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\proggggggggggggggggggggggggggggg [2013-06-29 20:06:28 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\MSDCSC [2013-06-29 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\folder name [2013-06-29 20:06:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\RTAudioDriver0 [2013-06-29 19:32:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0 [2013-06-29 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic [2013-06-29 18:38:04 | 000,000,000 | ---D | C] -- C:\Fraps [2013-06-28 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2013-06-28 18:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013-06-28 18:34:19 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013-06-28 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2013-06-28 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2013-06-25 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair [2013-06-21 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2013-06-19 17:07:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Roaming\bgr [2013-06-14 11:32:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs [2013-06-12 22:34:14 | 000,000,000 | ---D | C] -- C:\4dd0f24423193e5b8f104b3d5b3f [2013-06-09 13:11:24 | 
000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LiveGBoost [2013-06-09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\GZero [2013-06-09 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GZero [2013-06-09 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\GBoost [2013-06-09 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics [2013-06-05 11:29:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\skróty [2013-06-05 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Marcin [2013-06-05 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Piotr [2013-06-05 11:25:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Sławek [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI [2013-06-04 10:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013-06-04 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013-06-04 10:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013-06-04 10:07:25 | 002,868,736 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll [2013-06-04 10:07:25 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdW73.sys [2013-06-04 10:07:25 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll [2013-06-04 10:07:25 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2013-06-04 10:07:24 | 003,105,280 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll [2013-06-04 10:07:24 | 000,228,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2013-06-04 10:07:24 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. 
) -- C:\Windows\System32\atiu9pag.dll [2013-06-04 10:07:24 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll [2013-06-04 10:07:24 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2013-06-04 10:07:23 | 000,536,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll [2013-06-04 10:07:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2013-06-04 10:07:23 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe [2013-06-04 10:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-07-04 09:26:03 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-07-04 09:26:03 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-07-04 09:20:56 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-07-04 09:20:48 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-07-04 09:20:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-07-04 09:20:23 | 804,659,200 | -HS- | M] () -- C:\hiberfil.sys [2013-07-03 22:05:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-07-03 22:01:05 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-07-03 16:40:30 | 000,012,283 | ---- | M] () -- C:\Users\Administrator\Desktop\potwierdzenie (1).pdf [2013-07-02 15:16:18 | 000,001,426 | ---- | M] () -- C:\Users\Administrator\Desktop\skaner wirusów - włączać co kilka dni !!!.lnk [2013-07-02 15:07:03 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-07-02 15:06:59 | 000,263,592 | ---- | M] 
(Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-07-02 15:06:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-07-02 15:06:56 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013-07-02 15:06:56 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013-07-02 14:36:41 | 000,000,842 | ---- | M] () -- C:\Windows\System32\MsiExec.RPT [2013-07-01 16:56:29 | 000,697,988 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-07-01 16:56:29 | 000,616,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-07-01 16:56:29 | 000,135,284 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-07-01 16:56:29 | 000,106,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-06-28 18:34:19 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013-06-12 17:05:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-06-12 17:05:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-06-04 10:13:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-07-04 09:20:28 | 000,293,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013-07-03 16:41:51 | 000,012,283 | ---- | C] () -- C:\Users\Administrator\Desktop\potwierdzenie (1).pdf [2013-07-02 15:16:18 | 000,001,426 | ---- | C] () -- C:\Users\Administrator\Desktop\skaner wirusów - włączać co kilka dni !!!.lnk [2013-07-02 14:36:41 | 000,000,842 | ---- | C] () -- C:\Windows\System32\MsiExec.RPT [2013-06-04 10:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013-06-04 10:07:24 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2013-06-04 10:07:23 | 
000,078,848 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb [2013-04-30 23:48:41 | 000,007,637 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg [2013-04-30 23:28:48 | 000,000,640 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol [2013-03-17 16:44:38 | 000,000,404 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013-02-17 11:10:05 | 000,003,912 | ---- | C] () -- C:\Windows\System32\HideMyIpSRV.ini [2013-02-17 11:10:05 | 000,002,096 | ---- | C] () -- C:\Windows\System32\HideMyIpSRVOff.ini [2013-02-03 22:47:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2013-02-03 22:47:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2013-02-03 22:47:35 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2013-02-03 22:47:32 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2013-02-03 22:47:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2013-01-27 18:20:16 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT [2013-01-26 00:06:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2013-01-26 00:06:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2012-06-11 14:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > [/log]
Zayfi commented 4 July 2013

Download SystemLook > run it > paste the following into the empty window:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Click Look and post the report.

http://jpshortstuff.247fixes.com/SystemLook.html