Adain posted on May 7, 2014 (edited)

Hello. For some time now my computer has been running terribly slowly. It is badly neglected, so it is time to deal with it. On top of that, the number of ads that open with a single click sometimes reaches 4. I intend to wipe it completely in the near future, but until then an ordinary cleanup would be useful. I am pasting the logs here and asking for help.

1. OTL log

[log]OTL logfile created on: 2014-05-07 22:46:06 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damian\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,98 Gb Total Physical Memory | 4,90 Gb Available Physical Memory | 61,34% Memory free 15,96 Gb Paging File | 12,78 Gb Available in Paging File | 80,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 145,61 Gb Free Space | 31,27% Space Free | Partition Type: NTFS Computer Name: DAMIAN-KOMPUTER | User Name: Damian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014-05-07 22:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Downloads\OTL.exe PRC - [2014-05-01 22:22:40 | 003,588,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe PRC - [2014-04-28 19:49:29 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe PRC - [2014-04-18 16:41:57 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014-04-15 10:46:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2014-03-29 21:03:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2014-02-05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-09-20 15:02:30 | 000,103,936 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\swriter.exe PRC - [2013-09-20 15:02:28 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe PRC - [2013-09-20 15:02:28 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) 
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2014-05-01 22:22:39 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll MOD - [2014-05-01 22:22:38 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll MOD - [2014-05-01 22:22:38 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll MOD - [2014-05-01 22:22:38 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll MOD - [2014-05-01 22:22:38 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll MOD - [2014-05-01 22:22:38 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll MOD - [2014-05-01 22:22:38 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll MOD - [2014-05-01 22:22:38 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll MOD - [2014-04-28 19:49:29 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll MOD - [2014-04-18 16:41:57 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014-03-29 21:03:04 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-09-20 13:50:06 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll MOD - [2013-09-17 04:54:38 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll ========== Services (SafeList) ========== SRV:64bit: - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV:64bit: - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014-02-05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:64bit: - [2014-01-16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService) SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2014-04-28 19:49:29 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-04-15 10:46:28 | 002,227,536 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2014-04-08 18:45:50 | 000,377,616 | ---- | M] (LogMeIn, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2014-03-29 21:03:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-09-24 22:31:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013-09-05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-05-29 01:50:00 | 003,995,128 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys -- ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64) DRV:64bit: - [2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2014-04-18 16:41:58 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm) DRV:64bit: - [2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2014-04-18 16:41:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2014-04-18 16:41:58 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:64bit: - [2013-12-27 
20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2013-11-28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2013-06-20 14:50:59 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013-06-20 14:50:59 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2013-01-31 21:08:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-10-19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] 
-- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010-06-23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010-03-15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:64bit: - [2010-03-15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) DRV:64bit: - [2010-03-15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) DRV:64bit: - [2010-03-15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:64bit: - [2010-03-15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) DRV:64bit: - [2010-03-15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:64bit: - [2010-03-15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) DRV:64bit: - [2009-08-21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2007-01-04 13:47:10 | 000,071,832 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\e4ldrx64.sys -- (E4LOADER) DRV:64bit: - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e4usbawx64.sys -- (e4usbaw) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\e4usbawx64.sys -- (e4usbaw) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} IE - 
HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{476E8BB4-0B4A-4284-8956-2CEE427CC48F}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{DFC7BF2D-5600-43DA-98FD-F0C881B38A3E}: "URL" = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms} IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll 
(Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Damian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-18 16:41:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-07-22 13:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Extensions [2014-05-07 10:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Firefox\Profiles\k0kln3jn.default\extensions [2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2014-03-29 21:03:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014-03-29 21:03:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Search Here (Enabled) CHR - default_search_provider: search_url = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.msn.com/?pc=AV01 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Damian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Dokumenty Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: McAfee Security Scan+ = C:\Users\Damian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\ CHR - Extension: Szukaj w Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Fiery Horse chrome Theme = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp\1_0\ CHR - Extension: Google Wallet = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Gmail = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1370600-A1CC-4A4B-B3FC-84DF444F59E5}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell - "" = AutoRun O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell\AutoRun\command - "" = E:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014-05-06 21:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2014-05-06 21:17:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieui.dll [2014-05-06 21:17:47 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014-05-06 21:17:41 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014-05-06 21:17:34 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014-05-06 21:17:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014-05-06 21:17:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014-05-06 21:17:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014-05-06 21:17:33 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014-05-06 21:17:33 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014-05-06 21:17:33 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014-05-06 21:17:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014-05-06 21:17:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014-05-06 21:17:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014-05-06 21:17:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014-05-06 21:17:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014-05-06 21:17:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014-05-06 21:17:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014-05-06 21:17:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014-05-06 21:17:32 | 000,032,256 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014-05-06 21:17:30 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014-05-06 21:17:30 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014-05-06 21:17:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014-05-06 21:17:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014-05-06 21:17:29 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014-05-06 21:17:29 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014-05-06 21:17:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014-05-06 21:17:28 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014-05-06 21:17:27 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014-05-06 21:17:26 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014-05-06 21:17:11 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel [2014-05-06 19:28:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014-05-06 19:28:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014-05-02 00:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2014-05-01 23:59:47 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2014-05-01 23:55:11 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2014-05-01 23:55:11 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2014-05-01 23:55:11 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2014-05-01 23:55:11 | 
018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2014-05-01 23:55:11 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2014-05-01 23:55:11 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2014-05-01 23:55:11 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2014-05-01 23:55:11 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2014-05-01 23:55:11 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2014-05-01 23:55:11 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2014-05-01 23:55:11 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2014-05-01 23:55:11 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2014-05-01 23:55:11 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2014-05-01 23:55:11 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2014-05-01 23:55:11 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433523.dll [2014-05-01 23:55:11 | 001,516,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433523.dll [2014-05-01 23:55:11 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll [2014-05-01 23:55:11 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll [2014-05-01 23:55:11 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll [2014-05-01 23:55:11 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll [2014-05-01 23:55:11 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2014-05-01 23:55:11 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2014-05-01 23:55:11 | 
000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2014-05-01 23:55:11 | 000,377,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll [2014-05-01 23:55:11 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll [2014-05-01 23:55:11 | 000,333,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll [2014-05-01 23:55:11 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll [2014-05-01 23:55:11 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2014-05-01 23:55:11 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2014-05-01 23:55:11 | 000,148,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2014-05-01 23:55:11 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys [2014-05-01 23:55:11 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll [2014-05-01 23:55:11 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2014-05-01 10:23:17 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [2014-04-26 15:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone [2014-04-20 21:18:31 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Local\Skyrim [2014-04-20 21:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim [2014-04-20 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\Skyrim [2014-04-20 20:55:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014-04-20 20:55:53 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014-04-20 20:55:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014-04-20 
20:55:53 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014-04-20 20:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014-04-20 20:53:31 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Solvusoft [2014-04-20 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc [2014-04-18 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\DropboxMaster [2014-04-18 17:06:39 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2014-04-18 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Dropbox [2014-04-18 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\AVAST Software [2014-04-18 16:42:08 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014-04-18 16:41:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014-04-16 15:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2014-04-16 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2014-04-10 17:03:45 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2014-04-10 17:03:45 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll [2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll [2014-04-10 17:03:43 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2014-04-10 17:03:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2014-04-10 17:03:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\wow64.dll [2014-04-10 17:03:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2014-04-10 17:03:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2014-04-10 17:03:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2014-04-10 17:03:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2014-04-10 17:03:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2014-04-10 17:03:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2014-04-10 17:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe ========== Files - Modified Within 30 Days ========== [2014-05-07 22:47:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-05-07 22:17:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-05-07 20:53:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DriverDoc_UPDATES.job [2014-05-07 19:08:40 | 000,005,207 | ---- | M] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg [2014-05-07 17:55:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job [2014-05-07 11:17:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-05-07 09:53:26 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-05-07 09:53:26 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-05-07 09:44:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-05-07 09:44:07 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys [2014-05-06 21:54:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk 
[2014-05-06 12:11:08 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014-05-04 16:44:06 | 520,801,250 | ---- | M] () -- C:\Users\Damian\Documents\Untitled.mp4 [2014-05-04 16:25:51 | 001,670,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-05-04 16:25:51 | 000,740,438 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-05-04 16:25:51 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-05-04 16:25:51 | 000,156,012 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-05-04 16:25:51 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-05-03 17:55:00 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job [2014-04-29 16:58:48 | 000,510,614 | ---- | M] () -- C:\Users\Damian\Desktop\wlzał12.jpg [2014-04-29 16:54:44 | 000,172,815 | ---- | M] () -- C:\Users\Damian\Desktop\wlazły.jpg [2014-04-29 16:54:05 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2014-04-28 19:49:29 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-04-28 19:49:29 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [2014-04-20 21:15:45 | 000,001,102 | ---- | M] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk [2014-04-20 20:53:26 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\DriverDoc.lnk [2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2014-04-18 16:41:58 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014-04-18 16:41:58 | 000,208,416 | ---- | M] () -- 
C:\Windows\SysNative\drivers\aswVmm.sys [2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014-04-18 16:41:58 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014-04-18 16:41:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014-04-18 16:41:58 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-04-18 16:24:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2014-04-15 18:50:51 | 000,028,489 | ---- | M] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt [2014-04-14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014-04-14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014-04-14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014-04-14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014-04-14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014-04-14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014-04-11 18:30:20 | 000,027,384 | ---- | M] () -- C:\Users\Damian\Desktop\makro.odt [2014-04-10 21:24:58 | 000,049,656 | ---- | M] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg ========== Files Created - No Company Name ========== [2014-05-07 19:08:40 | 000,005,207 | ---- | C] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg [2014-05-06 21:54:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014-04-29 16:58:48 | 000,510,614 | ---- | C] () -- 
C:\Users\Damian\Desktop\wlzał12.jpg [2014-04-29 16:52:59 | 000,172,815 | ---- | C] () -- C:\Users\Damian\Desktop\wlazły.jpg [2014-04-20 21:15:45 | 000,001,102 | ---- | C] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk [2014-04-20 20:53:39 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\DriverDoc_UPDATES.job [2014-04-20 20:53:26 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\DriverDoc.lnk [2014-04-18 16:42:06 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-04-15 18:50:48 | 000,028,489 | ---- | C] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt [2014-04-10 22:40:53 | 000,027,384 | ---- | C] () -- C:\Users\Damian\Desktop\makro.odt [2014-04-10 21:24:58 | 000,049,656 | ---- | C] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg [2014-04-10 12:58:36 | 000,001,385 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-04-10 12:58:36 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-04-10 12:58:36 | 000,001,079 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk [2013-12-07 21:21:51 | 000,002,132 | ---- | C] () -- C:\Users\Damian\AppData\Local\recently-used.xbel [2013-11-19 18:18:06 | 000,007,605 | ---- | C] () -- C:\Users\Damian\AppData\Local\Resmon.ResmonCfg [2013-10-25 10:37:41 | 000,000,266 | RHS- | C] () -- C:\Users\Damian\ntuser.pol [2013-09-24 22:31:04 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini [2013-09-24 22:31:04 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini [2013-09-24 22:31:03 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013-09-24 22:31:03 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013-09-14 21:41:53 | 001,642,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-09-07 17:21:58 | 000,053,248 | ---- | C] () -- 
C:\Windows\SysWow64\pxhpinst.exe [2013-07-27 00:43:06 | 000,000,106 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WB.CFG [2013-07-13 03:03:50 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q5-TTL.DAT [2013-07-05 01:07:11 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q3-TTL.DAT [2013-06-21 19:17:33 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2013-06-18 10:44:08 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q2-TTL.DAT [2013-06-17 14:43:24 | 000,000,006 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-TTL.DAT [2013-04-13 22:19:12 | 000,006,656 | ---- | C] () -- C:\Users\Damian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-04-13 22:04:54 | 000,000,499 | ---- | C] () -- C:\Users\Damian\AppData\Local\HamsterVideoConverterSettings.cfg [2013-02-14 19:34:17 | 000,000,047 | ---- | C] () -- C:\Users\Damian\config.ini [2013-02-14 19:34:06 | 000,000,058 | ---- | C] () -- C:\Users\Damian\list.inf [2013-02-14 19:33:58 | 000,000,988 | ---- | C] () -- C:\Users\Damian\version.wvd [2012-09-24 20:31:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012-08-12 16:53:54 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini [2012-07-22 10:59:25 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini [2012-07-22 10:59:25 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini [2012-07-22 10:59:16 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe [2012-07-22 10:59:16 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe [2012-07-22 10:59:16 | 000,001,100 | ---- | C] () -- C:\Windows\adiras.ini [2012-07-22 10:59:13 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe [2012-07-21 20:51:45 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini ========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013-12-14 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraft [2013-07-06 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraftzyczu [2014-04-18 
16:47:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\AVAST Software [2014-03-13 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Battle.net [2014-05-06 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DAEMON Tools Lite [2012-08-08 17:55:28 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\dll-files.com [2014-04-18 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Dropbox [2014-04-18 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DropboxMaster [2014-04-03 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GG [2013-07-18 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GoPro [2013-06-02 17:43:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Hoolapp Packages [2012-07-22 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\LolClient [2013-07-30 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Milestone [2013-10-08 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\OpenOffice [2013-10-10 21:51:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Origin [2013-04-13 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Publish Providers [2013-06-02 17:01:41 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\SmartPCFix [2014-04-20 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Solvusoft [2013-10-11 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony [2013-04-13 19:14:57 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony Creative Software Inc [2013-07-16 19:41:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TERA [2013-09-28 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Tibia [2014-05-03 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TS3Client [2013-06-10 16:06:07 | 000,000,000 | ---D | M] -- 
C:\Users\Damian\AppData\Roaming\Unity [2012-08-08 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\wargaming.net [2013-04-13 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report >[/log]
2. GMER log
[log]GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-07 23:33:04 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB Running: gmer.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033b4000 63 bytes [46, 49, 4C, 45, 30, 00, 03, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800033b4042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\services.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text 
C:\Windows\System32\svchost.exe[376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\Explorer.EXE[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Program Files 
(x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[2300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2788] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 00000000760f1465 2 bytes [0F, 76] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2788] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000760f14bb 2 bytes [0F, 76] .text ... 
* 2 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe[3344] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075fa8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[4236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075a68e4e 5 bytes JMP 000000016251c350 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075a70dfb 5 bytes JMP 000000016251c2e0 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetFocus 0000000075a72175 5 bytes JMP 000000016251c330 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetActiveWindow 0000000075a73208 5 bytes JMP 000000016251c3a0 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075a77b3b 4 bytes JMP 000000016251c240 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000075a8f170 4 bytes JMP 000000016251c210 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 0000000075aa90fc 4 bytes JMP 000000016251c270 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000075ac7d97 5 bytes JMP 000000016251c290 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\ole32.dll!DoDragDrop 000000007670a827 5 bytes JMP 000000016251c1f0 .text C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760f1465 2 bytes [0F, 76] .text C:\Program 
Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760f14bb 2 bytes [0F, 76] .text ... * 2 .text C:\Windows\system32\SearchProtocolHost.exe[7752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705ef8d 1 byte [62] .text C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.027\gmer.exe[5140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075fca2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4836:4792] 000007feea2b9688 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1672] (GG drive overlay/GG Network S.A.)(2012-08-02 08:34:18) 000000005c080000 Library C:\Users\Damian\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1672] (GG drive menu/GG Network S.A.)(2 000000005ff80000 Library C:\Users\Damian\Downloads\OTL.exe (*** suspicious ***) @ C:\Users\Damian\Downloads\OTL.exe [7908] 0000000000400000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Program Files\WinRAR\WinRAR.exe [7448] (GG drive overlay/GG Network S.A.)(2012 000000005c080000 Process C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.027\gmer.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.027\gmer.exe [5140](2014-05-07 20:50:13) 0000000000400000 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Damian\Downloads\Bez\xa0tytułu.png.exe 1 ---- Files - GMER 2.1 ---- File C:\Program Files (x86)\Origin Games\FIFA 14\Game\polish_pl.bh 36 bytes File C:\Program Files (x86)\Origin Games\FIFA 14\Game\polish_pl.big 101 bytes File C:\Program Files (x86)\Origin Games\FIFA 14\Game\pol_pl.bh 36 bytes File C:\Program Files (x86)\Origin Games\FIFA 14\Game\pol_pl.big 330836576 bytes ---- EOF - GMER 2.1 ----[/log] 3. 
OTL log after using AdwCleaner [log]OTL logfile created on: 2014-05-08 11:33:43 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damian\Downloads\OTL TXT 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,98 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,48% Memory free 15,96 Gb Paging File | 13,52 Gb Available in Paging File | 84,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 155,55 Gb Free Space | 33,40% Space Free | Partition Type: NTFS Computer Name: DAMIAN-KOMPUTER | User Name: Damian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-05-07 22:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Downloads\OTL TXT\OTL.exe PRC - [2014-04-28 19:49:29 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe PRC - [2014-04-18 16:41:57 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014-04-15 10:46:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2014-03-29 21:03:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014-03-19 20:46:46 | 008,811,680 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~2\MICROS~1\OFFICE11\WORDVIEW.EXE PRC - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2014-02-05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-04-28 19:49:29 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll MOD - [2014-04-18 16:41:57 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014-03-29 21:03:04 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2009-02-26 11:45:08 | 000,024,912 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\Wordcnvpxy.cnv [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV:[b]64bit:[/b] - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2014-02-05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:[b]64bit:[/b] - [2014-01-16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService) SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2014-04-28 19:49:29 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-04-15 10:46:28 | 002,227,536 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2014-04-08 18:45:50 | 000,377,616 | ---- | M] (LogMeIn, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2014-03-29 21:03:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-09-24 22:31:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013-09-05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-05-29 01:50:00 | 003,995,128 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys -- ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] 
-- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:[b]64bit:[/b] - [2013-12-27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:[b]64bit:[/b] - [2013-11-28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2013-06-20 14:50:59 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:[b]64bit:[/b] - [2013-06-20 14:50:59 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:[b]64bit:[/b] - [2013-01-31 21:08:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-10-19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-06-23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:[b]64bit:[/b] - [2010-03-15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) DRV:[b]64bit:[/b] - [2009-08-21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2007-01-04 13:47:10 | 000,071,832 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\e4ldrx64.sys -- (E4LOADER) DRV:[b]64bit:[/b] - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e4usbawx64.sys -- (e4usbaw) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\e4usbawx64.sys -- (e4usbaw) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{476E8BB4-0B4A-4284-8956-2CEE427CC48F}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{DFC7BF2D-5600-43DA-98FD-F0C881B38A3E}: "URL" = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms} IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Damian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-18 16:41:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-07-22 13:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Extensions [2014-05-07 10:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Firefox\Profiles\k0kln3jn.default\extensions [2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2014-03-29 21:03:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014-03-29 21:03:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Search Here (Enabled) CHR - default_search_provider: search_url = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.msn.com/?pc=AV01 CHR - plugin: Pierwszy uytkownik (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Error reading preferences file CHR - Extension: Dokumenty Google = C:\Users\Damian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Fiery Horse chrome Theme = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp\1_0\ CHR - Extension: Google Wallet = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Gmail = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1370600-A1CC-4A4B-B3FC-84DF444F59E5}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell - "" = AutoRun O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell\AutoRun\command - "" = E:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-05-08 10:26:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- 
C:\Windows\SysWow64\sqlite3.dll [2014-05-08 10:25:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014-05-07 22:59:24 | 000,000,000 | -HSD | C] -- C:\Users\Damian\AppData\Local\EmieUserList [2014-05-07 22:59:24 | 000,000,000 | -HSD | C] -- C:\Users\Damian\AppData\Local\EmieSiteList [2014-05-06 21:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2014-05-06 21:17:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014-05-06 21:17:47 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014-05-06 21:17:41 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014-05-06 21:17:34 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014-05-06 21:17:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014-05-06 21:17:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014-05-06 21:17:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014-05-06 21:17:33 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014-05-06 21:17:33 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014-05-06 21:17:33 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014-05-06 21:17:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014-05-06 21:17:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014-05-06 21:17:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014-05-06 21:17:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014-05-06 21:17:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe 
[2014-05-06 21:17:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014-05-06 21:17:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014-05-06 21:17:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014-05-06 21:17:32 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014-05-06 21:17:30 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014-05-06 21:17:30 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014-05-06 21:17:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014-05-06 21:17:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014-05-06 21:17:29 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014-05-06 21:17:29 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014-05-06 21:17:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014-05-06 21:17:28 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014-05-06 21:17:27 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014-05-06 21:17:26 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014-05-06 21:17:11 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel [2014-05-06 19:28:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014-05-06 19:28:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014-05-02 00:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2014-05-01 23:59:47 | 000,599,840 | ---- | C] (NVIDIA 
Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2014-05-01 23:55:11 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2014-05-01 23:55:11 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2014-05-01 23:55:11 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2014-05-01 23:55:11 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2014-05-01 23:55:11 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2014-05-01 23:55:11 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2014-05-01 23:55:11 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2014-05-01 23:55:11 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2014-05-01 23:55:11 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2014-05-01 23:55:11 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2014-05-01 23:55:11 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2014-05-01 23:55:11 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2014-05-01 23:55:11 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2014-05-01 23:55:11 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2014-05-01 23:55:11 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433523.dll [2014-05-01 23:55:11 | 001,516,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433523.dll [2014-05-01 23:55:11 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll [2014-05-01 23:55:11 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll [2014-05-01 23:55:11 | 000,863,064 | ---- | C] 
(NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll [2014-05-01 23:55:11 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll [2014-05-01 23:55:11 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2014-05-01 23:55:11 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2014-05-01 23:55:11 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2014-05-01 23:55:11 | 000,377,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll [2014-05-01 23:55:11 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll [2014-05-01 23:55:11 | 000,333,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll [2014-05-01 23:55:11 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll [2014-05-01 23:55:11 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2014-05-01 23:55:11 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2014-05-01 23:55:11 | 000,148,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2014-05-01 23:55:11 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys [2014-05-01 23:55:11 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll [2014-05-01 23:55:11 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2014-05-01 10:23:17 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [2014-04-26 15:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone [2014-04-20 21:18:31 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Local\Skyrim [2014-04-20 21:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim 
[2014-04-20 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\Skyrim [2014-04-20 20:55:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014-04-20 20:55:53 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014-04-20 20:55:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014-04-20 20:55:53 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014-04-20 20:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014-04-20 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc [2014-04-18 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\DropboxMaster [2014-04-18 17:06:39 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2014-04-18 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Dropbox [2014-04-18 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\AVAST Software [2014-04-18 16:42:08 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014-04-18 16:41:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014-04-16 15:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2014-04-16 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2014-04-10 17:03:45 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2014-04-10 17:03:45 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll [2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll [2014-04-10 
17:03:43 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2014-04-10 17:03:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2014-04-10 17:03:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2014-04-10 17:03:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2014-04-10 17:03:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2014-04-10 17:03:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2014-04-10 17:03:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2014-04-10 17:03:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2014-04-10 17:03:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2014-04-10 17:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-05-08 11:27:35 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-05-08 10:47:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-05-08 10:36:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-05-08 10:36:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-05-08 10:28:05 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-05-08 10:27:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-05-08 10:27:40 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys [2014-05-07 20:53:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DriverDoc_UPDATES.job [2014-05-07 19:08:40 | 
000,005,207 | ---- | M] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg [2014-05-07 17:55:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job [2014-05-06 21:54:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014-05-06 12:11:08 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014-05-04 16:44:06 | 520,801,250 | ---- | M] () -- C:\Users\Damian\Documents\Untitled.mp4 [2014-05-04 16:25:51 | 001,670,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-05-04 16:25:51 | 000,740,438 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-05-04 16:25:51 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-05-04 16:25:51 | 000,156,012 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-05-04 16:25:51 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-05-03 17:55:00 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job [2014-04-29 16:58:48 | 000,510,614 | ---- | M] () -- C:\Users\Damian\Desktop\wlzał12.jpg [2014-04-29 16:54:44 | 000,172,815 | ---- | M] () -- C:\Users\Damian\Desktop\wlazły.jpg [2014-04-29 16:54:05 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2014-04-28 19:49:29 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-04-28 19:49:29 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [2014-04-20 21:15:45 | 000,001,102 | ---- | M] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk [2014-04-20 20:53:26 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\DriverDoc.lnk [2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2014-04-18 16:41:58 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014-04-18 16:41:58 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014-04-18 16:41:58 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014-04-18 16:41:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014-04-18 16:41:58 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-04-18 16:24:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2014-04-15 18:50:51 | 000,028,489 | ---- | M] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt [2014-04-14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014-04-14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- 
C:\Windows\SysWow64\javaws.exe [2014-04-14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014-04-14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014-04-14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014-04-14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014-04-11 18:30:20 | 000,027,384 | ---- | M] () -- C:\Users\Damian\Desktop\makro.odt [2014-04-10 21:24:58 | 000,049,656 | ---- | M] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-05-07 19:08:40 | 000,005,207 | ---- | C] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg [2014-05-06 21:54:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014-04-29 16:58:48 | 000,510,614 | ---- | C] () -- C:\Users\Damian\Desktop\wlzał12.jpg [2014-04-29 16:52:59 | 000,172,815 | ---- | C] () -- C:\Users\Damian\Desktop\wlazły.jpg [2014-04-20 21:15:45 | 000,001,102 | ---- | C] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk [2014-04-20 20:53:39 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\DriverDoc_UPDATES.job [2014-04-20 20:53:26 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\DriverDoc.lnk [2014-04-18 16:42:06 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-04-15 18:50:48 | 000,028,489 | ---- | C] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt [2014-04-10 22:40:53 | 000,027,384 | ---- | C] () -- C:\Users\Damian\Desktop\makro.odt [2014-04-10 21:24:58 | 000,049,656 | ---- | C] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg [2014-04-10 12:58:36 | 000,001,385 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-04-10 12:58:36 | 000,001,214 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-04-10 12:58:36 | 000,001,079 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk [2013-12-07 21:21:51 | 000,002,132 | ---- | C] () -- C:\Users\Damian\AppData\Local\recently-used.xbel [2013-11-19 18:18:06 | 000,007,605 | ---- | C] () -- C:\Users\Damian\AppData\Local\Resmon.ResmonCfg [2013-10-25 10:37:41 | 000,000,266 | RHS- | C] () -- C:\Users\Damian\ntuser.pol [2013-09-24 22:31:04 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini [2013-09-24 22:31:04 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini [2013-09-24 22:31:03 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013-09-24 22:31:03 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013-09-14 21:41:53 | 001,642,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-09-07 17:21:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe [2013-07-27 00:43:06 | 000,000,106 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WB.CFG [2013-07-13 03:03:50 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q5-TTL.DAT [2013-07-05 01:07:11 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q3-TTL.DAT [2013-06-21 19:17:33 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2013-06-18 10:44:08 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q2-TTL.DAT [2013-06-17 14:43:24 | 000,000,006 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-TTL.DAT [2013-04-13 22:19:12 | 000,006,656 | ---- | C] () -- C:\Users\Damian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-04-13 22:04:54 | 000,000,499 | ---- | C] () -- C:\Users\Damian\AppData\Local\HamsterVideoConverterSettings.cfg [2013-02-14 19:34:17 | 000,000,047 | ---- | C] () -- C:\Users\Damian\config.ini [2013-02-14 19:34:06 | 000,000,058 | ---- | C] () -- 
C:\Users\Damian\list.inf [2013-02-14 19:33:58 | 000,000,988 | ---- | C] () -- C:\Users\Damian\version.wvd [2012-09-24 20:31:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012-08-12 16:53:54 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini [2012-07-22 10:59:25 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini [2012-07-22 10:59:25 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini [2012-07-22 10:59:16 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe [2012-07-22 10:59:16 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe [2012-07-22 10:59:16 | 000,001,100 | ---- | C] () -- C:\Windows\adiras.ini [2012-07-22 10:59:13 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe [2012-07-21 20:51:45 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-12-14 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraft [2013-07-06 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraftzyczu [2014-04-18 16:47:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\AVAST Software [2014-03-13 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Battle.net [2014-05-06 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DAEMON Tools Lite [2012-08-08 17:55:28 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\dll-files.com [2014-04-18 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Dropbox [2014-04-18 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DropboxMaster [2014-04-03 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GG [2013-07-18 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GoPro [2013-06-02 17:43:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Hoolapp Packages [2012-07-22 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\LolClient [2013-07-30 20:56:28 | 000,000,000 | ---D | M] -- 
C:\Users\Damian\AppData\Roaming\Milestone [2013-10-08 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\OpenOffice [2013-10-10 21:51:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Origin [2013-04-13 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Publish Providers [2013-06-02 17:01:41 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\SmartPCFix [2013-10-11 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony [2013-04-13 19:14:57 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony Creative Software Inc [2013-07-16 19:41:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TERA [2013-09-28 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Tibia [2014-05-03 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TS3Client [2013-06-10 16:06:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Unity [2012-08-08 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\wargaming.net [2013-04-13 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\XMedia Recode [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] 4. 
Extras [log]OTL Extras logfile created on: 2014-05-08 11:39:34 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damian\Downloads\OTL TXT 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,98 Gb Total Physical Memory | 5,39 Gb Available Physical Memory | 67,50% Memory free 15,96 Gb Paging File | 13,39 Gb Available in Paging File | 83,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 155,55 Gb Free Space | 33,40% Space Free | Partition Type: NTFS Computer Name: DAMIAN-KOMPUTER | User Name: Damian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile 
[open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
[color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004315D0-749C-47F0-B631-D6F6BAD9F7B0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{1E35FA07-9EDD-4463-8EA8-F5C1017A3B74}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{2013EDA1-9F34-413C-B1ED-EACB35BB15F0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{23E5697E-6221-421B-BEF6-214A8484D5AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{30C7C00F-A420-4FB3-A06F-947E66032798}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{35081302-1263-40F4-B0A6-98712D849603}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{397F3C7E-53AE-4314-89B3-C9032DB1E1F8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{40098CED-128E-45CC-A650-03897F306182}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E54A146-4BD3-4F03-968D-85F84994FBFD}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{4E8A815A-ADB4-4AAF-B657-BABC38BBDCB0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{4E94622C-D0FE-4FEA-A1DA-34853C917D7F}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{580A8E30-194A-472B-BD70-7E31E2D25A10}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{5C543E4A-2415-429C-B268-CD41129C7691}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{602F7753-B2CD-4140-99E4-123D2BF8C182}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{623F2EC8-3FA7-4267-A6FF-4B12EA23CA5B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{64538FB2-DBB4-4FA6-8C73-34777D575B3B}" = lport=10243 | protocol=6 | dir=in | app=system | "{64EB8B01-F48E-4330-A5F5-56787EDCCEC4}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{7EE338F4-15F8-4698-857C-5C85B979F991}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia 
corporation\nvstreamsrv\nvstreamer.exe | "{80A9D865-030A-47AA-BEF4-632754D91A81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8ACBBC47-CC55-4C03-A61B-6D526F90FD08}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{8AE9D5DB-466D-4AEB-AEF8-416DEEC42A6E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{8B36254F-EAE1-4F42-9467-B1683152EEC6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8F685A8A-F44C-41E7-8FEF-A39C8EF3D821}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{91C06511-476C-49D2-ADAE-61D95EEDFB89}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{92BC3C61-B1AE-42E2-B40F-5DF063C76768}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{963F8E61-8AC2-4B54-858E-7A7FDE74E72E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{9C45407A-BE96-4B34-A474-595F04CEB42B}" = rport=10243 | protocol=6 | dir=out | app=system | "{A2F75424-CB09-4D84-8346-1AE0728CCEA6}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{AD1FDAAC-FBCF-472F-987E-DFB26D815F91}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{B04DF467-E8D2-4A8D-BBDC-86EA003289AC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{C8995E1C-4B5D-46FB-B673-27FEE4E55F1A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{CB87E299-22E3-4FBA-A66D-E5E1DBBE2E68}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia 
corporation\nvstreamsrv\nvstreamsvc.exe | "{E0B6AB4B-3869-4E81-86BF-FB3B87761AA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EC305702-A113-42AD-BBE1-5A9D9E6C8FB8}" = lport=2869 | protocol=6 | dir=in | app=system | "{F084BC6C-981A-40FC-AA38-FB5077B85023}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{FB615D0D-FCB6-4141-B815-21379B2DF4A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C08F25-877D-4A38-BE60-6804FDA2C620}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{036DDFAF-97B5-4B09-AF01-3C05722E12D7}" = protocol=6 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe | "{0582BB66-D6FA-4DEE-A857-02B2FE6870FA}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\condition zero\hl.exe | "{058A3F01-CFFF-4B8D-9194-51D163F12DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{0759E645-9863-4A45-B816-5CDBECC07672}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe | "{0D6BE235-5412-4331-8438-065ADDEE4F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe | "{0DC85D97-55FB-4ED0-BCDA-93C9E086596B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{0FA90351-1EF4-4B39-ADFC-D55C401C183C}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe | "{0FC46A12-82DA-4A1D-B290-BA6470E2D668}" = protocol=6 | dir=in | app=c:\program files 
(x86)\teratera\tera-launcher.exe | "{12CC9B2D-7A47-4A20-AC08-96C761BF2295}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | "{1568B213-003B-4311-A6FD-A8FA778AD368}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe | "{15F3BE6F-8406-40B1-9C14-D6A7B3FEA37B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{176F50FB-7861-4990-8A16-E24E485F4787}" = protocol=6 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\launcher.exe | "{18A69F1E-6CA6-4916-9392-8CD20DBACA0C}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe | "{1A08794A-1AF9-4989-AE38-036F5857308D}" = dir=in | app=%programfiles% (x86)\mozilla firefox\firefox.exe | "{1AB4F802-483A-4D02-B711-503CCDA9F334}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe | "{1B7D6C00-C4B1-4078-8538-ADD8FEC4DD1E}" = protocol=6 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe | "{1C1888A5-C734-4545-AE3F-EF135DB3BDA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1D2ED549-AEE0-4746-B07E-4DB90DF81077}" = protocol=17 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe | "{1F960626-DE8C-4C27-92CB-24B2A8EAB6B6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{24AC3EE9-38B0-42EA-89E5-85709190F425}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "{2773CB19-81A4-425F-91DD-16E0D7F1D54C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{296A393D-F6EC-441D-B2A1-6B130E03561A}" = protocol=6 | dir=in | app=d:\fscommand\cksocketserver.exe | "{2990D2F6-AD98-451D-A707-FD709F950D89}" = dir=in | app=%systemdrive%\games\world_of_tanks\worldoftanks.exe | "{320AD417-6193-4B39-BF83-9EB3BA00192F}" = protocol=6 | dir=in | app=c:\program 
files (x86)\battle.net\battle.net.exe | "{32196E42-491C-45C9-BB9A-80D7BE86D45F}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe | "{32D5A848-BFDB-44E8-8293-FFB0C72CF15B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{39475274-CBBC-4C53-AE69-C5EE414242FA}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{3A61DFCB-A362-443A-A8D8-06ED22119EDA}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{3B41FCF2-60D2-478E-9F7F-A77C1B21DD08}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{3DE3488E-2A18-49F5-AC36-DF048F8B6F3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F2FF587-475D-4B70-94BD-91B0D634A4DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41A7D6D0-2857-4AF1-97C8-ED73DF11AAF7}" = dir=out | app=%programfiles%\riot games\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.170\deploy\league of legends.exe | "{43D75E93-3EA6-4197-8CE3-B1B6595444C9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "{4F284623-FF14-4780-B666-1BD5C11A727E}" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin | "{51BBFB32-EE7A-446C-8933-741EAF63D643}" = protocol=6 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe | "{52E4902E-62E6-44BB-A2D0-3253D905E3CC}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | "{555774F4-E103-4497-B923-A54826617F77}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{56E3732A-A2D7-4670-9A91-9F3311155D69}" = protocol=17 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe | "{5A70B2EB-F9E6-4C1F-B85E-B8A8FC649144}" = protocol=17 | dir=in | app=c:\program files 
(x86)\java\jre7\bin\java.exe | "{5AF7A955-73A9-45F2-80E5-7A19BA737744}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe | "{6010DC50-B405-43E8-A34B-DC3109F5FD00}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe | "{605E2D23-4FE1-4756-86FD-CD7BE0D0DA6E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "{630DFECE-A172-4807-B3C0-431C9C2CCEB7}" = protocol=6 | dir=out | app=system | "{6CA2DFB1-F331-4981-8947-C939C6869E7E}" = protocol=6 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe | "{725D7678-5580-4639-A5ED-72EA4AECB463}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe | "{727DC954-7660-4D2A-95CC-0D37CFC473CB}" = protocol=17 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe | "{7387148B-63EA-4529-8CA5-3D4B452AE46F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BF39177-4C6D-40D0-8D6F-8EA58D4FDF4A}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{7CF5973B-39BD-49FB-8C24-565C5F25F335}" = dir=out | app=%programfiles% (x86)\mozilla firefox\firefox.exe | "{7F0B791C-7C33-45CE-A65A-493DB2F12E51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{80B8445E-E708-4186-940A-9862A9F43E0C}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | "{815A5A2C-31DB-475F-9E6F-DF3D6919D4A3}" = dir=out | app=%systemdrive%\games\world_of_tanks\worldoftanks.exe | "{8289CFD1-5490-4F17-BA99-C76EEC9532C7}" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin | "{840AFD69-4ACD-4432-94AE-F6091DEDD5A8}" = protocol=17 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe | "{847EF9DA-CF3E-4FA3-AA77-29BED4D1C2EB}" = protocol=17 | dir=in | 
app=c:\program files (x86)\teratera\tera-launcher.exe | "{85AC32BC-3A84-4245-8F1E-43C9E614B259}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{888C473C-AD5D-4F06-B757-041500DA1415}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | "{8C545E6F-09AC-438F-90DB-B979177A201E}" = protocol=58 | dir=in | app=system | "{8DB5CA90-5C60-4738-BEA9-254D73742C0E}" = protocol=6 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe | "{8EB95353-6044-4983-AF97-CB3F67950247}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe | "{9097D214-ED9C-424D-86E9-55FD70C4A3F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | "{91CA08CC-0AB1-451C-84FA-1C6AD43E1D58}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin | "{9296CAA6-4CA4-45BF-B43E-5AFC90B95E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe | "{93AAF2BE-9BF8-47F7-8BD8-B3C1C4F05A86}" = protocol=17 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe | "{949502CA-F4D8-4218-B481-E063733D5C41}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe | "{9A92BFB9-EF2C-4F76-B8A0-41F87D5A582D}" = protocol=17 | dir=in | app=d:\fscommand\cksocketserver.exe | "{9F67BA8B-261C-4EA6-82DE-F7CBC385752C}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin | "{9F76189A-27B8-4D14-A39D-B4A7DDB67F77}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe | "{A37376AA-1FC1-4437-B7DB-DAEBAF5B4614}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A4719768-FEF7-421C-A363-E0DEE500AD19}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe | 
"{A489B7A1-F84E-4031-AFEA-85979F13E54E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe | "{A92F3CA3-E9F4-49AD-B181-36DFE8BECD0D}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin | "{A94CDAD2-C27A-4E64-9E44-D0F2072C2687}" = dir=in | app=%programfiles%\riot games\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.170\deploy\league of legends.exe | "{A966E5E2-D90D-4925-9B24-75E251ACB77E}" = protocol=17 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe | "{AAEFD139-1E29-4667-A160-60F9FE036CC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AF532182-7C81-4908-84B4-EFAE7465873A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 14\game\fifa14.exe | "{B0C5247E-EA84-4FEB-BE12-1FEE82E8FA37}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe | "{B12400AD-56C6-4E2A-98B5-364FAADD942A}" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin | "{B4133783-8B3C-46AD-A942-18C538E6896A}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{BA738D30-0999-4D74-B637-BFB7FAE46539}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BEB5479B-8C47-4F84-87B3-5982B9D7B8A4}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe | "{CE43B043-8A5C-4A7F-B4FB-F8096AA1B774}" = protocol=17 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\launcher.exe | "{D5F2D254-2D9E-4A70-9A46-146C5A8D711D}" = protocol=6 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe | "{D652FFBC-11EC-4984-AA39-371E0FA58D94}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe | "{E1B85541-7BF9-4CA0-B450-F905605C6BD0}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{E30E83B1-3A1F-49FE-AE6E-601C77B324D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E6BD77B6-B260-4EC2-8FD3-A6EC00183328}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{E7A09099-BF0C-4FB8-8379-1D30FBEE46C5}" = dir=in | app=%programfiles% (x86)\valve\steam\steamapps\common\half-life\hl.exe | "{E80E10AD-1397-4B12-A9BA-78864479DE09}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "{E9B7649B-98F4-406B-A109-3804AFC6A08D}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\condition zero\hl.exe | "{EABF83F8-72F2-40B8-8A43-41202D57077C}" = dir=out | app=%programfiles% (x86)\valve\steam\steamapps\common\half-life\hl.exe | "{ED100906-27CE-4467-B7D1-375EBDE30804}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 14\game\fifa14.exe | "{EF4D0539-1FCE-4748-8281-A70A1D503841}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin | "{F55653DC-ADBA-45B2-8309-721B9D00024B}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe | "{F8637FE0-5275-440E-A88D-92C2AEB5DA72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F8E94C7A-31D0-4170-A1CD-EDEB05097EF8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FC7C9B98-1468-4BB8-99A9-630F2563995A}" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin | "TCP Query User{0357249D-A1ED-48CF-B7F6-12A172E91ABE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{083D2AAC-109E-4FB6-8AF6-D64FDF279698}C:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe" = protocol=6 | dir=in | 
app=c:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe | "TCP Query User{0E890D26-AF66-4199-AFFF-BD36C853EE12}C:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe | "TCP Query User{1D8AB3A1-0C7E-4896-98A7-F85E1661D70E}C:\lfs\lfs.exe" = protocol=6 | dir=in | app=c:\lfs\lfs.exe | "TCP Query User{22B7B371-66AC-40F2-B2AA-55CA35B8B5CE}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe | "TCP Query User{28E9F5DD-2332-4E70-B7F6-AB9ED830EB0E}C:\users\damian\desktop\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor.exe | "TCP Query User{2B8205AD-821C-400F-A40D-16ADA9002FD8}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{3637699B-7D5B-4B7B-8FD8-E89DA29EE05A}C:\program files (x86)\valve\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | "TCP Query User{4B328CA0-5434-46FC-B478-76112D48CF9E}C:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin | "TCP Query User{58514169-12BB-4C04-B0D5-8AE9FB5DD3CF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{59F8681A-8A9D-46FF-9142-ABD24E47431E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{684EFD6C-48CA-42F5-A894-BA2490C4FCD9}C:\program files\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\stronghold crusader\stronghold crusader.exe | "TCP Query 
User{7BD9AE5C-A3C6-4230-834A-974844B5BD4D}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe | "TCP Query User{8176635D-BBEF-4B47-A141-B2D38E68014D}C:\program files (x86)\webzen\mu\main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\webzen\mu\main.exe | "TCP Query User{93012392-8B70-4C61-8893-B569B2D63976}C:\program files (x86)\elfbot ng\navserv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe | "TCP Query User{A1FFF28C-C003-4D6B-9D93-7FF74B208D1D}C:\users\damian\desktop\rfactor\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe | "TCP Query User{AB4581D2-0DDD-49AB-82D9-8948BAB5270D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{C6298876-7FE0-411D-8FF1-A237411D32C4}C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe | "TCP Query User{D32AC9AF-3F95-491B-B49C-3F75C1C8A2D2}C:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe | "TCP Query User{D5D7AD28-4E2F-48BC-8CC7-BDBDC4A08053}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | "TCP Query User{D66FDDD3-D246-42AD-999E-109F17A68D58}C:\program files (x86)\teratera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teratera\tera-launcher.exe | "TCP Query User{D73CB364-736B-4E75-AE7E-C3E69D012C8D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query 
User{E53D503C-18AC-41F1-8BBA-0029A26793BD}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe | "TCP Query User{E8ADE1FB-BB9F-48A9-80DF-6667D97522A9}C:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin | "TCP Query User{ECF08855-A916-4D3B-A781-644C39D4D7F7}C:\users\damian\desktop\moje\gra\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin | "TCP Query User{EE4B5DFA-2086-4D65-9798-637274FC6C7A}C:\users\damian\desktop\lfs\lfs.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\lfs\lfs.exe | "TCP Query User{F272BDE4-88B4-4942-9C45-3D99B991032B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{FBCEE427-E09F-4B63-95A4-9B951DF5E144}C:\users\damian\desktop\moje\gra\yitian2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin | "UDP Query User{043C931D-B6E7-44E7-B025-F712F069F8F6}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe | "UDP Query User{0BD953DF-D78E-4D76-81B1-2487B87EB103}C:\program files\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\stronghold crusader\stronghold crusader.exe | "UDP Query User{2035276C-B711-475D-A7EA-11F50D982A8C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{2A8347B1-087C-4BF4-AA5A-F4E3E80251EB}C:\users\damian\desktop\moje\gra\metin2client.bin" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin | "UDP Query User{2EC5A728-42D2-4DC7-861F-8342458185B5}C:\users\damian\desktop\moje\gra\yitian2\metin2client.bin" = 
protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin | "UDP Query User{3544B80C-25F4-4348-95AA-6F8909833252}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{3E238A8F-0E92-4080-9E72-5B780759F5D0}C:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe | "UDP Query User{48DDB576-AB28-4704-BC2B-ACC35FFD6F38}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{4C171A17-2714-4B98-B56B-EECF8DF0532B}C:\program files (x86)\valve\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | "UDP Query User{5430D235-E767-4EA3-9270-E9FF3203D683}C:\users\damian\desktop\lfs\lfs.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\lfs\lfs.exe | "UDP Query User{5CAF9C2F-B8D7-4A0E-A06F-A89C504B5F4D}C:\program files (x86)\elfbot ng\navserv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe | "UDP Query User{64C6A34B-9DC4-40FF-9CCC-29C17EA1EDDB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{766FB2F2-2E90-46D2-9CE9-9A960B70285B}C:\users\damian\desktop\rfactor\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe | "UDP Query User{83B10552-70B3-40E1-8451-492268752EE9}C:\program files (x86)\webzen\mu\main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\webzen\mu\main.exe | "UDP Query User{8463226A-9EC2-491A-AF4E-A376F1408318}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe | "UDP Query 
User{8EE2BA92-A862-45EF-9891-CF6E3DB5CE81}C:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe | "UDP Query User{9CCB14E3-8F95-448C-9346-773F73B11023}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | "UDP Query User{9F343FAE-E7AD-4EA2-99D4-32AFC292252B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{A3B47CFC-5CFA-4B18-BAC9-C6C99E3440E2}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{A771E51B-4528-4CAA-927C-44CF973FBF19}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe | "UDP Query User{B5EBAA9A-527F-45A8-BC66-F11CC52B1D29}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{C2AE1A6C-5161-4706-AB66-73BB0F02007E}C:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin | "UDP Query User{C4841934-5622-4777-A3E1-51D39AC54C7B}C:\program files (x86)\teratera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teratera\tera-launcher.exe | "UDP Query User{C9049108-0C7A-45E5-830F-CEE3C887B3BB}C:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin | "UDP Query User{D939A15B-76F1-4610-9FC6-D405CCEF1093}C:\lfs\lfs.exe" = protocol=17 | dir=in | app=c:\lfs\lfs.exe | "UDP Query User{DB19644D-1FCF-4FD3-A079-22AF87FDEAFB}C:\users\damian\desktop\rfactor\rfactor.exe" = protocol=17 
| dir=in | app=c:\users\damian\desktop\rfactor\rfactor.exe | "UDP Query User{EB159FB1-3D5F-42F1-8F05-01FE68E06820}C:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe" = protocol=17 | dir=in | app=c:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe | "UDP Query User{F47A034F-0FC1-420F-B54A-029C2C31BFF7}C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{45F1F774-38B4-3CC3-BAAF-051E6D19E48E}" = Microsoft .NET Framework 4.5.1 (PLK) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6D24C5B0-958D-11E2-999F-F04DA23A5C58}" = Movie Studio Platinum 12.0 (64-bit) "{7065E6F0-958D-11E2-B084-F04DA23A5C58}" = MSVCRT Redists "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 335.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 335.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 335.23 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 335.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.1220 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.30.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20 "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2 "0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) "CCleaner" = CCleaner "Defraggler" = Defraggler "GIMP-2_is1" = GIMP 2.8.6 "McAfee Security Scan" = McAfee Security Scan Plus "WinRAR archiver" = WinRAR 4.20 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55 
"{387A7BC7-577B-4FC9-8337-4DB8F7D34E55}" = MotoGP(TM)13 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}" = MotoGP(TM)13 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter "{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89505A66-35F0-4401-B3AD-D077051F8698}" = Qtrax Player "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95140000-00AF-0415-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{99759E36-8961-43DC-A7E6-4601D6AEF166}" = Windows Phone app for desktop "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A313C1BB-04A5-49FA-AA26-6C3DDD9F6C7F}" = LogMeIn Hamachi "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14 "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Polish "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B5B98340-0296-11E2-8B8E-F04DA23A5C58}" = Vegas Pro 11.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{DA0106A3-216E-48DE-9CF6-655DA8FC1D22}" = OpenOffice 4.0.1 "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0 "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0 "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v3.00 "AudioCS" = Creative Audio Control Panel "avast" = avast! Free Antivirus "Battle.net" = Battle.net "CrystalDiskInfo_is1" = CrystalDiskInfo 6.0.1 "DAEMON Tools Lite" = DAEMON Tools Lite "DriverDoc_is1" = DriverDoc "FarmingSimulator2013INT_is1" = Farming Simulator 2013 "Google Chrome" = Google Chrome "GoPro CineForm Studio" = GoPro CineForm Studio 1.3.2 "Hearthstone" = Hearthstone "Hermes_ponadgim_2013" = Hermes_ponadgim_2013 "Host OpenAL" = Host OpenAL "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Mozilla Firefox 28.0 (x86 pl)" = Mozilla Firefox 28.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "MTA:SA 1.3" = MTA:SA v1.3 "'MX vs ATV Reflex'_is1" = 'MX vs ATV Reflex' (Ŕíăëčéńęŕ˙ âĺđńč˙) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "ST6UNST #1" = HLTooLz "The Elder Scrolls V Skyrim_is1" = The Elder Scrolls V Skyrim "Tibia_is1" = Tibia "TMIPC" = Tibia MULTI-ip changer "xxxxxxxxxxxxx-Pearson" = Market Leader Elementary 3rd Edition [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] 
[HKEY_USERS\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "GG" = GG "Hoolapp Packages" = Hoolapp Packages "TeamSpeak 3 Client" = TeamSpeak 3 Client "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-05-05 04:16:06 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-05 07:43:46 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-05 14:34:54 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-06 03:59:59 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-06 13:10:04 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-06 15:08:18 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-06 15:22:07 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-06 16:15:38 | Computer Name = Damian-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: setup.exe_Sony PC Companion, wersja: 17.0.0.717, sygnatura czasowa: 0x4cab8cfa Nazwa modułu powodującego błąd: StructuredQuery.dll, wersja: 7.0.7601.17514, sygnatura czasowa: 0x4ce7ba03 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00012146 Identyfikator procesu powodującego błąd: 0x1708 Godzina uruchomienia aplikacji powodującej błąd: 0x01cf696794d6549a Ścieżka aplikacji powodującej błąd: C:\Users\Damian\AppData\Local\Temp\{DD864879-74BF-4BEC-BC52-EBB68CF4000C}\setup.exe Ścieżka modułu powodującego błąd: C:\Windows\System32\StructuredQuery.dll Identyfikator raportu: 2fd6ae78-d55b-11e3-a704-bc5ff41c6219 Error - 2014-05-07 03:45:58 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-08 03:45:59 | Computer Name = 
Damian-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-08 04:29:32 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 2012-12-07 10:23:46 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 15:23:35 - Błąd podczas nawiązywania połączenia z Internetem. 15:23:35 - Nie można skontaktować się z serwerem.. Error - 2012-12-12 09:26:14 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 14:26:14 - Błąd podczas nawiązywania połączenia z Internetem. 14:26:14 - Nie można skontaktować się z serwerem.. Error - 2012-12-12 09:26:24 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 14:26:19 - Błąd podczas nawiązywania połączenia z Internetem. 14:26:19 - Nie można skontaktować się z serwerem.. Error - 2013-06-11 05:42:51 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 11:42:45 - Błąd podczas nawiązywania połączenia z Internetem. 11:42:45 - Nie można skontaktować się z serwerem.. Error - 2013-06-16 13:24:34 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 19:24:34 - Nie można pobrać pakietu Directory (Błąd: Połączenie podstawowe zostało zakończone: Wystąpił nieoczekiwany błąd przy odbiorze.) Error - 2013-07-31 04:40:09 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 10:40:00 - Błąd podczas nawiązywania połączenia z Internetem. 10:40:00 - Nie można skontaktować się z serwerem.. Error - 2013-07-31 06:39:38 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 12:39:33 - Błąd podczas nawiązywania połączenia z Internetem. 12:39:33 - Nie można skontaktować się z serwerem.. Error - 2013-07-31 07:40:05 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 13:40:02 - Błąd podczas nawiązywania połączenia z Internetem. 13:40:02 - Nie można skontaktować się z serwerem.. 
Error - 2013-07-31 08:40:26 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 14:40:26 - Błąd podczas nawiązywania połączenia z Internetem. 14:40:26 - Nie można skontaktować się z serwerem.. Error - 2013-07-31 08:40:32 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0 Description = 14:40:31 - Błąd podczas nawiązywania połączenia z Internetem. 14:40:31 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2014-05-06 13:08:11 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys) z powodu następującego błędu: %%1058 Error - 2014-05-06 13:09:54 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Update WiseEnhance. Error - 2014-05-06 13:09:54 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Update WiseEnhance z powodu następującego błędu: %%1053 Error - 2014-05-06 15:05:43 | Computer Name = Damian-Komputer | Source = DCOM | ID = 10010 Description = Error - 2014-05-06 15:07:02 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys) z powodu następującego błędu: %%1058 Error - 2014-05-06 15:20:24 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys) z powodu następującego błędu: %%1058 Error - 2014-05-07 03:44:17 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys) z powodu następującego błędu: %%1058 Error - 2014-05-07 18:04:22 | Computer Name = Damian-Komputer | Source = volsnap | ID = 393252 
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2014-05-08 03:44:14 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys) z powodu następującego błędu: %%1058 Error - 2014-05-08 04:27:49 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys) z powodu następującego błędu: %%1058 < End of report >[/log]
Guest, commented 7 May 2014
In the meantime, while you wait for someone knowledgeable to look at the logs, use AdwCleaner and remove everything it finds, and also use CCleaner.
Zayfi, commented 9 May 2014 (edited)
Slow performance, you say? Then start by uninstalling Avast. A side effect of using GMER is that the disk's operating mode gets switched to PIO. That has to be reversed and set back to DMA.
Adain (author), commented 9 May 2014 (edited)
I'd like to know what you just wrote to me, but unfortunately I don't, so please use language "for newbies" :P I take back the above: I searched the net and checked, and the disk is still working in DMA mode.
Zayfi, commented 9 May 2014
Quoting Adain: "I take back the above: I searched the net and checked, and the disk is still working in DMA mode."
Then throw out Avast and check how the system runs. I repeat, there is no infection.