
Slow computer + ads constantly opening

Adain

Hello. For some time now my computer has been running terribly slowly. It is badly neglected, so it is time to deal with it. On top of that, the number of ads that open after a single click sometimes reaches 4. In the near future I intend to wipe it completely, but until then an ordinary cleanup would be useful. I am pasting the logs here and asking for help.

1. OTL log

[log]OTL logfile created on: 2014-05-07 22:46:06 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Damian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
7,98 Gb Total Physical Memory | 4,90 Gb Available Physical Memory | 61,34% Memory free
15,96 Gb Paging File | 12,78 Gb Available in Paging File | 80,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 145,61 Gb Free Space | 31,27% Space Free | Partition Type: NTFS
 
Computer Name: DAMIAN-KOMPUTER | User Name: Damian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-05-07 22:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Downloads\OTL.exe
PRC - [2014-05-01 22:22:40 | 003,588,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2014-04-28 19:49:29 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014-04-18 16:41:57 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-04-15 10:46:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014-03-29 21:03:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014-02-05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-09-20 15:02:30 | 000,103,936 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
PRC - [2013-09-20 15:02:28 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
PRC - [2013-09-20 15:02:28 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-05-01 22:22:39 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2014-05-01 22:22:38 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2014-05-01 22:22:38 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2014-05-01 22:22:38 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2014-05-01 22:22:38 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2014-05-01 22:22:38 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2014-05-01 22:22:38 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2014-05-01 22:22:38 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014-04-28 19:49:29 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014-04-18 16:41:57 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014-03-29 21:03:04 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-09-20 13:50:06 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
MOD - [2013-09-17 04:54:38 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-02-05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014-01-16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014-04-28 19:49:29 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-04-15 10:46:28 | 002,227,536 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014-04-08 18:45:50 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014-03-29 21:03:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-09-24 22:31:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-09-05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-05-29 01:50:00 | 003,995,128 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys -- ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64)
DRV:64bit: - [2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014-04-18 16:41:58 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-04-18 16:41:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-04-18 16:41:58 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013-12-27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013-11-28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013-06-20 14:50:59 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013-06-20 14:50:59 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013-01-31 21:08:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-06-23 17:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-03-15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010-03-15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic)
DRV:64bit: - [2010-03-15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV:64bit: - [2010-03-15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010-03-15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5)
DRV:64bit: - [2010-03-15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010-03-15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus)
DRV:64bit: - [2009-08-21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007-01-04 13:47:10 | 000,071,832 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\e4ldrx64.sys -- (E4LOADER)
DRV:64bit: - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e4usbawx64.sys -- (e4usbaw)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\e4usbawx64.sys -- (e4usbaw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{476E8BB4-0B4A-4284-8956-2CEE427CC48F}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{DFC7BF2D-5600-43DA-98FD-F0C881B38A3E}: "URL" = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms}
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Damian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-18 16:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-07-22 13:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Extensions
[2014-05-07 10:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Firefox\Profiles\k0kln3jn.default\extensions
[2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2014-03-29 21:03:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014-03-29 21:03:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Here (Enabled)
CHR - default_search_provider: search_url = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.msn.com/?pc=AV01
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Damian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Dokumenty Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Szukaj w Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Fiery Horse chrome Theme = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp\1_0\
CHR - Extension: Google Wallet = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1370600-A1CC-4A4B-B3FC-84DF444F59E5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat
O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell - "" = AutoRun
O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-05-06 21:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-05-06 21:17:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-05-06 21:17:47 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-05-06 21:17:41 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014-05-06 21:17:34 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-05-06 21:17:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014-05-06 21:17:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-05-06 21:17:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-05-06 21:17:33 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-05-06 21:17:33 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-05-06 21:17:33 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014-05-06 21:17:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014-05-06 21:17:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-05-06 21:17:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-05-06 21:17:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-05-06 21:17:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-05-06 21:17:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-05-06 21:17:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-05-06 21:17:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-05-06 21:17:32 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014-05-06 21:17:30 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014-05-06 21:17:30 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-05-06 21:17:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-05-06 21:17:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014-05-06 21:17:29 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-05-06 21:17:29 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-05-06 21:17:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-05-06 21:17:28 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-05-06 21:17:27 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-05-06 21:17:26 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-05-06 21:17:11 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014-05-06 19:28:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-06 19:28:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-05-02 00:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014-05-01 23:59:47 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014-05-01 23:55:11 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014-05-01 23:55:11 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014-05-01 23:55:11 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014-05-01 23:55:11 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014-05-01 23:55:11 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014-05-01 23:55:11 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014-05-01 23:55:11 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014-05-01 23:55:11 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014-05-01 23:55:11 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014-05-01 23:55:11 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014-05-01 23:55:11 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014-05-01 23:55:11 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014-05-01 23:55:11 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014-05-01 23:55:11 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014-05-01 23:55:11 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433523.dll
[2014-05-01 23:55:11 | 001,516,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433523.dll
[2014-05-01 23:55:11 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014-05-01 23:55:11 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014-05-01 23:55:11 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014-05-01 23:55:11 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014-05-01 23:55:11 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014-05-01 23:55:11 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014-05-01 23:55:11 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014-05-01 23:55:11 | 000,377,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014-05-01 23:55:11 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014-05-01 23:55:11 | 000,333,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014-05-01 23:55:11 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014-05-01 23:55:11 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014-05-01 23:55:11 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014-05-01 23:55:11 | 000,148,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014-05-01 23:55:11 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014-05-01 23:55:11 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014-05-01 23:55:11 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014-05-01 10:23:17 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
[2014-04-26 15:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2014-04-20 21:18:31 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Local\Skyrim
[2014-04-20 21:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2014-04-20 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\Skyrim
[2014-04-20 20:55:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-04-20 20:55:53 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-04-20 20:55:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-04-20 20:55:53 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-04-20 20:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-04-20 20:53:31 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Solvusoft
[2014-04-20 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc
[2014-04-18 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\DropboxMaster
[2014-04-18 17:06:39 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014-04-18 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Dropbox
[2014-04-18 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\AVAST Software
[2014-04-18 16:42:08 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014-04-18 16:41:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-04-16 15:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014-04-16 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014-04-10 17:03:45 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014-04-10 17:03:45 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014-04-10 17:03:43 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014-04-10 17:03:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014-04-10 17:03:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014-04-10 17:03:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014-04-10 17:03:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014-04-10 17:03:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014-04-10 17:03:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014-04-10 17:03:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014-04-10 17:03:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014-04-10 17:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014-05-07 22:47:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-05-07 22:17:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-07 20:53:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014-05-07 19:08:40 | 000,005,207 | ---- | M] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg
[2014-05-07 17:55:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2014-05-07 11:17:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-07 09:53:26 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-05-07 09:53:26 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-05-07 09:44:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-05-07 09:44:07 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-06 21:54:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014-05-06 12:11:08 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-05-04 16:44:06 | 520,801,250 | ---- | M] () -- C:\Users\Damian\Documents\Untitled.mp4
[2014-05-04 16:25:51 | 001,670,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-05-04 16:25:51 | 000,740,438 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-05-04 16:25:51 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-05-04 16:25:51 | 000,156,012 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-05-04 16:25:51 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-03 17:55:00 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2014-04-29 16:58:48 | 000,510,614 | ---- | M] () -- C:\Users\Damian\Desktop\wlzał12.jpg
[2014-04-29 16:54:44 | 000,172,815 | ---- | M] () -- C:\Users\Damian\Desktop\wlazły.jpg
[2014-04-29 16:54:05 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-04-28 19:49:29 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-04-28 19:49:29 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
[2014-04-20 21:15:45 | 000,001,102 | ---- | M] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk
[2014-04-20 20:53:26 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014-04-18 16:41:58 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014-04-18 16:41:58 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014-04-18 16:41:58 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014-04-18 16:41:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-04-18 16:41:58 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-04-18 16:24:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014-04-15 18:50:51 | 000,028,489 | ---- | M] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt
[2014-04-14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-04-14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-04-14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-04-14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-04-14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-04-14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-04-11 18:30:20 | 000,027,384 | ---- | M] () -- C:\Users\Damian\Desktop\makro.odt
[2014-04-10 21:24:58 | 000,049,656 | ---- | M] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg
 
========== Files Created - No Company Name ==========
 
[2014-05-07 19:08:40 | 000,005,207 | ---- | C] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg
[2014-05-06 21:54:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014-04-29 16:58:48 | 000,510,614 | ---- | C] () -- C:\Users\Damian\Desktop\wlzał12.jpg
[2014-04-29 16:52:59 | 000,172,815 | ---- | C] () -- C:\Users\Damian\Desktop\wlazły.jpg
[2014-04-20 21:15:45 | 000,001,102 | ---- | C] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk
[2014-04-20 20:53:39 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014-04-20 20:53:26 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014-04-18 16:42:06 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-04-15 18:50:48 | 000,028,489 | ---- | C] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt
[2014-04-10 22:40:53 | 000,027,384 | ---- | C] () -- C:\Users\Damian\Desktop\makro.odt
[2014-04-10 21:24:58 | 000,049,656 | ---- | C] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg
[2014-04-10 12:58:36 | 000,001,385 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2014-04-10 12:58:36 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2014-04-10 12:58:36 | 000,001,079 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk
[2013-12-07 21:21:51 | 000,002,132 | ---- | C] () -- C:\Users\Damian\AppData\Local\recently-used.xbel
[2013-11-19 18:18:06 | 000,007,605 | ---- | C] () -- C:\Users\Damian\AppData\Local\Resmon.ResmonCfg
[2013-10-25 10:37:41 | 000,000,266 | RHS- | C] () -- C:\Users\Damian\ntuser.pol
[2013-09-24 22:31:04 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2013-09-24 22:31:04 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2013-09-24 22:31:03 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013-09-24 22:31:03 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013-09-14 21:41:53 | 001,642,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-09-07 17:21:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2013-07-27 00:43:06 | 000,000,106 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WB.CFG
[2013-07-13 03:03:50 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013-07-05 01:07:11 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q3-TTL.DAT
[2013-06-21 19:17:33 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013-06-18 10:44:08 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q2-TTL.DAT
[2013-06-17 14:43:24 | 000,000,006 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-TTL.DAT
[2013-04-13 22:19:12 | 000,006,656 | ---- | C] () -- C:\Users\Damian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-13 22:04:54 | 000,000,499 | ---- | C] () -- C:\Users\Damian\AppData\Local\HamsterVideoConverterSettings.cfg
[2013-02-14 19:34:17 | 000,000,047 | ---- | C] () -- C:\Users\Damian\config.ini
[2013-02-14 19:34:06 | 000,000,058 | ---- | C] () -- C:\Users\Damian\list.inf
[2013-02-14 19:33:58 | 000,000,988 | ---- | C] () -- C:\Users\Damian\version.wvd
[2012-09-24 20:31:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012-08-12 16:53:54 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini
[2012-07-22 10:59:25 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini
[2012-07-22 10:59:25 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2012-07-22 10:59:16 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe
[2012-07-22 10:59:16 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe
[2012-07-22 10:59:16 | 000,001,100 | ---- | C] () -- C:\Windows\adiras.ini
[2012-07-22 10:59:13 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe
[2012-07-21 20:51:45 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-12-14 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraft
[2013-07-06 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraftzyczu
[2014-04-18 16:47:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\AVAST Software
[2014-03-13 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Battle.net
[2014-05-06 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DAEMON Tools Lite
[2012-08-08 17:55:28 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\dll-files.com
[2014-04-18 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Dropbox
[2014-04-18 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DropboxMaster
[2014-04-03 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GG
[2013-07-18 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GoPro
[2013-06-02 17:43:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Hoolapp Packages
[2012-07-22 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\LolClient
[2013-07-30 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Milestone
[2013-10-08 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\OpenOffice
[2013-10-10 21:51:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Origin
[2013-04-13 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Publish Providers
[2013-06-02 17:01:41 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\SmartPCFix
[2014-04-20 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Solvusoft
[2013-10-11 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony
[2013-04-13 19:14:57 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony Creative Software Inc
[2013-07-16 19:41:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TERA
[2013-09-28 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Tibia
[2014-05-03 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TS3Client
[2013-06-10 16:06:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Unity
[2012-08-08 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\wargaming.net
[2013-04-13 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >[/log]

 

2. GMER log

[log]GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-07 23:33:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: gmer.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                    fffff800033b4000 63 bytes [46, 49, 4C, 45, 30, 00, 03, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594                                                                                                    fffff800033b4042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\wininit.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\services.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\lsass.exe[764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        0000000075fca2fd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                 0000000075fca2fd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\nvvsvc.exe[1424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               000000007705ef8d 1 byte [62]
.text     C:\Windows\Explorer.EXE[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                   000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\taskhost.exe[1780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          000000007705ef8d 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              0000000075fca2fd 1 byte [62]
.text     C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 0000000075fca2fd 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                           000000007705ef8d 1 byte [62]
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                           0000000075fca2fd 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                           000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\conhost.exe[2300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   0000000075fca2fd 1 byte [62]
.text     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2788] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                 00000000760f1465 2 bytes [0F, 76]
.text     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2788] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                00000000760f14bb 2 bytes [0F, 76]
.text     ...                                                                                                                                                                   * 2
.text     C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007705ef8d 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                           000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000075fca2fd 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe[3344] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                       000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          0000000075fca2fd 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                  0000000075fa8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                         0000000075fca2fd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[4236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           000000007705ef8d 1 byte [62]
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                  0000000075fca2fd 1 byte [62]
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetWindowPos                                                                            0000000075a68e4e 5 bytes JMP 000000016251c350
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                              0000000075a70dfb 5 bytes JMP 000000016251c2e0
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetFocus                                                                                0000000075a72175 5 bytes JMP 000000016251c330
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetActiveWindow                                                                         0000000075a73208 5 bytes JMP 000000016251c3a0
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!BringWindowToTop                                                                        0000000075a77b3b 4 bytes JMP 000000016251c240
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SetForegroundWindow                                                                     0000000075a8f170 4 bytes JMP 000000016251c210
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow                                                                      0000000075aa90fc 4 bytes JMP 000000016251c270
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\USER32.dll!ShowWindowAsync                                                                         0000000075ac7d97 5 bytes JMP 000000016251c290
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\ole32.dll!DoDragDrop                                                                               000000007670a827 5 bytes JMP 000000016251c1f0
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                00000000760f1465 2 bytes [0F, 76]
.text     C:\Program Files (x86)\Origin\Origin.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                               00000000760f14bb 2 bytes [0F, 76]
.text     ...                                                                                                                                                                   * 2
.text     C:\Windows\system32\SearchProtocolHost.exe[7752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007705ef8d 1 byte [62]
.text     C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.027\gmer.exe[5140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                  0000000075fca2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [4836:4792]                                                                                                                           000007feea2b9688
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1672] (GG drive overlay/GG Network S.A.)(2012-08-02 08:34:18)           000000005c080000
Library   C:\Users\Damian\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1672] (GG drive menu/GG Network S.A.)(2                   000000005ff80000
Library   C:\Users\Damian\Downloads\OTL.exe (*** suspicious ***) @ C:\Users\Damian\Downloads\OTL.exe [7908]                                                                     0000000000400000
Library   C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Program Files\WinRAR\WinRAR.exe [7448] (GG drive overlay/GG Network S.A.)(2012                000000005c080000
Process   C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.027\gmer.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.027\gmer.exe [5140](2014-05-07 20:50:13)  0000000000400000

---- Registry - GMER 2.1 ----

Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Damian\Downloads\Bez\xa0tytułu.png.exe                    1

---- Files - GMER 2.1 ----

File      C:\Program Files (x86)\Origin Games\FIFA 14\Game\polish_pl.bh                                                                                                         36 bytes
File      C:\Program Files (x86)\Origin Games\FIFA 14\Game\polish_pl.big                                                                                                        101 bytes
File      C:\Program Files (x86)\Origin Games\FIFA 14\Game\pol_pl.bh                                                                                                            36 bytes
File      C:\Program Files (x86)\Origin Games\FIFA 14\Game\pol_pl.big                                                                                                           330836576 bytes

---- EOF - GMER 2.1 ----[/log]

 

3. OTL log after running AdwCleaner

[log]OTL logfile created on: 2014-05-08 11:33:43 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Damian\Downloads\OTL TXT
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
7,98 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,48% Memory free
15,96 Gb Paging File | 13,52 Gb Available in Paging File | 84,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 155,55 Gb Free Space | 33,40% Space Free | Partition Type: NTFS
 
Computer Name: DAMIAN-KOMPUTER | User Name: Damian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014-05-07 22:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Downloads\OTL TXT\OTL.exe
PRC - [2014-04-28 19:49:29 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014-04-18 16:41:57 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-04-15 10:46:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014-03-29 21:03:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-03-19 20:46:46 | 008,811,680 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~2\MICROS~1\OFFICE11\WORDVIEW.EXE
PRC - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014-02-05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014-04-28 19:49:29 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014-04-18 16:41:57 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014-03-29 21:03:04 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009-02-26 11:45:08 | 000,024,912 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\Wordcnvpxy.cnv
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014-04-18 16:41:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014-02-05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2014-01-16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014-04-28 19:49:29 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-04-15 10:46:28 | 002,227,536 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014-04-08 18:45:50 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014-03-29 21:03:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-09-24 22:31:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-09-05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-05-29 01:50:00 | 003,995,128 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys -- ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2014-04-18 16:41:58 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2013-12-27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2013-11-28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2013-06-20 14:50:59 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2013-06-20 14:50:59 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2013-01-31 21:08:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-10-19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010-06-23 17:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic)
DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5)
DRV:[b]64bit:[/b] - [2010-03-15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:[b]64bit:[/b] - [2010-03-15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus)
DRV:[b]64bit:[/b] - [2009-08-21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2007-01-04 13:47:10 | 000,071,832 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\e4ldrx64.sys -- (E4LOADER)
DRV:[b]64bit:[/b] - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e4usbawx64.sys -- (e4usbaw)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007-01-04 13:46:30 | 000,146,968 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\e4usbawx64.sys -- (e4usbaw)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{476E8BB4-0B4A-4284-8956-2CEE427CC48F}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\..\SearchScopes\{DFC7BF2D-5600-43DA-98FD-F0C881B38A3E}: "URL" = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms}
IE - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Damian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-18 16:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-07-22 13:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Extensions
[2014-05-07 10:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\mozilla\Firefox\Profiles\k0kln3jn.default\extensions
[2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2014-03-29 21:03:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014-03-29 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014-03-29 21:03:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Search Here (Enabled)
CHR - default_search_provider: search_url = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.msn.com/?pc=AV01
CHR - plugin: Pierwszy uytkownik (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Fiery Horse chrome Theme = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp\1_0\
CHR - Extension: Google Wallet = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1370600-A1CC-4A4B-B3FC-84DF444F59E5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b3a9e3f-d362-11e1-8a2f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat
O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell - "" = AutoRun
O33 - MountPoints2\{9a61eb7f-5d77-11e2-8107-cb7dd1ab8cac}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014-05-08 10:26:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014-05-08 10:25:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-05-07 22:59:24 | 000,000,000 | -HSD | C] -- C:\Users\Damian\AppData\Local\EmieUserList
[2014-05-07 22:59:24 | 000,000,000 | -HSD | C] -- C:\Users\Damian\AppData\Local\EmieSiteList
[2014-05-06 21:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-05-06 21:17:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-05-06 21:17:47 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-05-06 21:17:41 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014-05-06 21:17:34 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-05-06 21:17:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014-05-06 21:17:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-05-06 21:17:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-05-06 21:17:33 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-05-06 21:17:33 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-05-06 21:17:33 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014-05-06 21:17:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014-05-06 21:17:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-05-06 21:17:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-05-06 21:17:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-05-06 21:17:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-05-06 21:17:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-05-06 21:17:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-05-06 21:17:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-05-06 21:17:32 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014-05-06 21:17:30 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014-05-06 21:17:30 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-05-06 21:17:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-05-06 21:17:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014-05-06 21:17:29 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-05-06 21:17:29 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-05-06 21:17:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-05-06 21:17:28 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-05-06 21:17:27 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-05-06 21:17:26 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-05-06 21:17:11 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014-05-06 19:28:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-06 19:28:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-05-02 00:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014-05-01 23:59:47 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014-05-01 23:55:11 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014-05-01 23:55:11 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014-05-01 23:55:11 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014-05-01 23:55:11 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014-05-01 23:55:11 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014-05-01 23:55:11 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014-05-01 23:55:11 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014-05-01 23:55:11 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014-05-01 23:55:11 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014-05-01 23:55:11 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014-05-01 23:55:11 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014-05-01 23:55:11 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014-05-01 23:55:11 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014-05-01 23:55:11 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014-05-01 23:55:11 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433523.dll
[2014-05-01 23:55:11 | 001,516,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433523.dll
[2014-05-01 23:55:11 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014-05-01 23:55:11 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014-05-01 23:55:11 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014-05-01 23:55:11 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014-05-01 23:55:11 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014-05-01 23:55:11 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014-05-01 23:55:11 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014-05-01 23:55:11 | 000,377,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014-05-01 23:55:11 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014-05-01 23:55:11 | 000,333,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014-05-01 23:55:11 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014-05-01 23:55:11 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014-05-01 23:55:11 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014-05-01 23:55:11 | 000,148,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014-05-01 23:55:11 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014-05-01 23:55:11 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014-05-01 23:55:11 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014-05-01 10:23:17 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
[2014-04-26 15:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2014-04-20 21:18:31 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Local\Skyrim
[2014-04-20 21:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2014-04-20 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\Skyrim
[2014-04-20 20:55:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-04-20 20:55:53 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-04-20 20:55:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-04-20 20:55:53 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-04-20 20:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-04-20 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc
[2014-04-18 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\DropboxMaster
[2014-04-18 17:06:39 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014-04-18 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\Dropbox
[2014-04-18 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Roaming\AVAST Software
[2014-04-18 16:42:08 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014-04-18 16:41:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-04-16 15:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014-04-16 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014-04-10 17:03:45 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014-04-10 17:03:45 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014-04-10 17:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014-04-10 17:03:43 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014-04-10 17:03:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014-04-10 17:03:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014-04-10 17:03:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014-04-10 17:03:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014-04-10 17:03:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014-04-10 17:03:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014-04-10 17:03:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014-04-10 17:03:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014-04-10 17:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014-05-08 11:27:35 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-08 10:47:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-05-08 10:36:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-05-08 10:36:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-05-08 10:28:05 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-08 10:27:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-05-08 10:27:40 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-07 20:53:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014-05-07 19:08:40 | 000,005,207 | ---- | M] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg
[2014-05-07 17:55:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2014-05-06 21:54:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014-05-06 12:11:08 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-05-04 16:44:06 | 520,801,250 | ---- | M] () -- C:\Users\Damian\Documents\Untitled.mp4
[2014-05-04 16:25:51 | 001,670,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-05-04 16:25:51 | 000,740,438 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-05-04 16:25:51 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-05-04 16:25:51 | 000,156,012 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-05-04 16:25:51 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-03 17:55:00 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2014-04-29 16:58:48 | 000,510,614 | ---- | M] () -- C:\Users\Damian\Desktop\wlzał12.jpg
[2014-04-29 16:54:44 | 000,172,815 | ---- | M] () -- C:\Users\Damian\Desktop\wlazły.jpg
[2014-04-29 16:54:05 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-04-28 19:49:29 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-04-28 19:49:29 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
[2014-04-20 21:15:45 | 000,001,102 | ---- | M] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk
[2014-04-20 20:53:26 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014-04-18 16:41:58 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014-04-18 16:41:58 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014-04-18 16:41:58 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014-04-18 16:41:58 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014-04-18 16:41:58 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014-04-18 16:41:58 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014-04-18 16:41:58 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014-04-18 16:41:58 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014-04-18 16:41:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-04-18 16:41:58 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-04-18 16:24:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014-04-15 18:50:51 | 000,028,489 | ---- | M] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt
[2014-04-14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-04-14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-04-14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-04-14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-04-14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-04-14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-04-11 18:30:20 | 000,027,384 | ---- | M] () -- C:\Users\Damian\Desktop\makro.odt
[2014-04-10 21:24:58 | 000,049,656 | ---- | M] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014-05-07 19:08:40 | 000,005,207 | ---- | C] () -- C:\Users\Damian\Desktop\10269475_454840434647351_6306696531064574281_a.jpg
[2014-05-06 21:54:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014-04-29 16:58:48 | 000,510,614 | ---- | C] () -- C:\Users\Damian\Desktop\wlzał12.jpg
[2014-04-29 16:52:59 | 000,172,815 | ---- | C] () -- C:\Users\Damian\Desktop\wlazły.jpg
[2014-04-20 21:15:45 | 000,001,102 | ---- | C] () -- C:\Users\Damian\Desktop\Uruchom program The Elder Scrolls V Skyrim.lnk
[2014-04-20 20:53:39 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014-04-20 20:53:26 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014-04-18 16:42:06 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-04-15 18:50:48 | 000,028,489 | ---- | C] () -- C:\Users\Damian\Desktop\Łukasz Zieliński 1C GDA.odt
[2014-04-10 22:40:53 | 000,027,384 | ---- | C] () -- C:\Users\Damian\Desktop\makro.odt
[2014-04-10 21:24:58 | 000,049,656 | ---- | C] () -- C:\Users\Damian\Desktop\zdjęcieeee.jpg
[2014-04-10 12:58:36 | 000,001,385 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2014-04-10 12:58:36 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2014-04-10 12:58:36 | 000,001,079 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoClick.lnk
[2013-12-07 21:21:51 | 000,002,132 | ---- | C] () -- C:\Users\Damian\AppData\Local\recently-used.xbel
[2013-11-19 18:18:06 | 000,007,605 | ---- | C] () -- C:\Users\Damian\AppData\Local\Resmon.ResmonCfg
[2013-10-25 10:37:41 | 000,000,266 | RHS- | C] () -- C:\Users\Damian\ntuser.pol
[2013-09-24 22:31:04 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2013-09-24 22:31:04 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2013-09-24 22:31:03 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013-09-24 22:31:03 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013-09-14 21:41:53 | 001,642,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-09-07 17:21:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2013-07-27 00:43:06 | 000,000,106 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WB.CFG
[2013-07-13 03:03:50 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013-07-05 01:07:11 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q3-TTL.DAT
[2013-06-21 19:17:33 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013-06-18 10:44:08 | 000,000,005 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-Q2-TTL.DAT
[2013-06-17 14:43:24 | 000,000,006 | ---- | C] () -- C:\Users\Damian\AppData\Roaming\WBPU-TTL.DAT
[2013-04-13 22:19:12 | 000,006,656 | ---- | C] () -- C:\Users\Damian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-13 22:04:54 | 000,000,499 | ---- | C] () -- C:\Users\Damian\AppData\Local\HamsterVideoConverterSettings.cfg
[2013-02-14 19:34:17 | 000,000,047 | ---- | C] () -- C:\Users\Damian\config.ini
[2013-02-14 19:34:06 | 000,000,058 | ---- | C] () -- C:\Users\Damian\list.inf
[2013-02-14 19:33:58 | 000,000,988 | ---- | C] () -- C:\Users\Damian\version.wvd
[2012-09-24 20:31:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012-08-12 16:53:54 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini
[2012-07-22 10:59:25 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini
[2012-07-22 10:59:25 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2012-07-22 10:59:16 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe
[2012-07-22 10:59:16 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe
[2012-07-22 10:59:16 | 000,001,100 | ---- | C] () -- C:\Windows\adiras.ini
[2012-07-22 10:59:13 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe
[2012-07-21 20:51:45 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013-12-14 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraft
[2013-07-06 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraftzyczu
[2014-04-18 16:47:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\AVAST Software
[2014-03-13 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Battle.net
[2014-05-06 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DAEMON Tools Lite
[2012-08-08 17:55:28 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\dll-files.com
[2014-04-18 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Dropbox
[2014-04-18 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\DropboxMaster
[2014-04-03 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GG
[2013-07-18 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\GoPro
[2013-06-02 17:43:53 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Hoolapp Packages
[2012-07-22 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\LolClient
[2013-07-30 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Milestone
[2013-10-08 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\OpenOffice
[2013-10-10 21:51:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Origin
[2013-04-13 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Publish Providers
[2013-06-02 17:01:41 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\SmartPCFix
[2013-10-11 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony
[2013-04-13 19:14:57 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Sony Creative Software Inc
[2013-07-16 19:41:30 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TERA
[2013-09-28 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Tibia
[2014-05-03 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\TS3Client
[2013-06-10 16:06:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Unity
[2012-08-08 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\wargaming.net
[2013-04-13 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\XMedia Recode
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report > [/log]

4. Extras

[log]OTL Extras logfile created on: 2014-05-08 11:39:34 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Damian\Downloads\OTL TXT
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
7,98 Gb Total Physical Memory | 5,39 Gb Available Physical Memory | 67,50% Memory free
15,96 Gb Paging File | 13,39 Gb Available in Paging File | 83,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 155,55 Gb Free Space | 33,40% Space Free | Partition Type: NTFS
 
Computer Name: DAMIAN-KOMPUTER | User Name: Damian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004315D0-749C-47F0-B631-D6F6BAD9F7B0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{1E35FA07-9EDD-4463-8EA8-F5C1017A3B74}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{2013EDA1-9F34-413C-B1ED-EACB35BB15F0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{23E5697E-6221-421B-BEF6-214A8484D5AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30C7C00F-A420-4FB3-A06F-947E66032798}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{35081302-1263-40F4-B0A6-98712D849603}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{397F3C7E-53AE-4314-89B3-C9032DB1E1F8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{40098CED-128E-45CC-A650-03897F306182}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E54A146-4BD3-4F03-968D-85F84994FBFD}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{4E8A815A-ADB4-4AAF-B657-BABC38BBDCB0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{4E94622C-D0FE-4FEA-A1DA-34853C917D7F}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{580A8E30-194A-472B-BD70-7E31E2D25A10}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{5C543E4A-2415-429C-B268-CD41129C7691}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{602F7753-B2CD-4140-99E4-123D2BF8C182}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{623F2EC8-3FA7-4267-A6FF-4B12EA23CA5B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{64538FB2-DBB4-4FA6-8C73-34777D575B3B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{64EB8B01-F48E-4330-A5F5-56787EDCCEC4}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7EE338F4-15F8-4698-857C-5C85B979F991}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{80A9D865-030A-47AA-BEF4-632754D91A81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8ACBBC47-CC55-4C03-A61B-6D526F90FD08}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{8AE9D5DB-466D-4AEB-AEF8-416DEEC42A6E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8B36254F-EAE1-4F42-9467-B1683152EEC6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F685A8A-F44C-41E7-8FEF-A39C8EF3D821}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{91C06511-476C-49D2-ADAE-61D95EEDFB89}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{92BC3C61-B1AE-42E2-B40F-5DF063C76768}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{963F8E61-8AC2-4B54-858E-7A7FDE74E72E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{9C45407A-BE96-4B34-A474-595F04CEB42B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A2F75424-CB09-4D84-8346-1AE0728CCEA6}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{AD1FDAAC-FBCF-472F-987E-DFB26D815F91}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B04DF467-E8D2-4A8D-BBDC-86EA003289AC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C8995E1C-4B5D-46FB-B673-27FEE4E55F1A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CB87E299-22E3-4FBA-A66D-E5E1DBBE2E68}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E0B6AB4B-3869-4E81-86BF-FB3B87761AA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC305702-A113-42AD-BBE1-5A9D9E6C8FB8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F084BC6C-981A-40FC-AA38-FB5077B85023}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{FB615D0D-FCB6-4141-B815-21379B2DF4A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C08F25-877D-4A38-BE60-6804FDA2C620}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{036DDFAF-97B5-4B09-AF01-3C05722E12D7}" = protocol=6 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe |
"{0582BB66-D6FA-4DEE-A857-02B2FE6870FA}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\condition zero\hl.exe |
"{058A3F01-CFFF-4B8D-9194-51D163F12DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0759E645-9863-4A45-B816-5CDBECC07672}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe |
"{0D6BE235-5412-4331-8438-065ADDEE4F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe |
"{0DC85D97-55FB-4ED0-BCDA-93C9E086596B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0FA90351-1EF4-4B39-ADFC-D55C401C183C}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe |
"{0FC46A12-82DA-4A1D-B290-BA6470E2D668}" = protocol=6 | dir=in | app=c:\program files (x86)\teratera\tera-launcher.exe |
"{12CC9B2D-7A47-4A20-AC08-96C761BF2295}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{1568B213-003B-4311-A6FD-A8FA778AD368}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe |
"{15F3BE6F-8406-40B1-9C14-D6A7B3FEA37B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{176F50FB-7861-4990-8A16-E24E485F4787}" = protocol=6 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\launcher.exe |
"{18A69F1E-6CA6-4916-9392-8CD20DBACA0C}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe |
"{1A08794A-1AF9-4989-AE38-036F5857308D}" = dir=in | app=%programfiles% (x86)\mozilla firefox\firefox.exe |
"{1AB4F802-483A-4D02-B711-503CCDA9F334}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe |
"{1B7D6C00-C4B1-4078-8538-ADD8FEC4DD1E}" = protocol=6 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe |
"{1C1888A5-C734-4545-AE3F-EF135DB3BDA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D2ED549-AEE0-4746-B07E-4DB90DF81077}" = protocol=17 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe |
"{1F960626-DE8C-4C27-92CB-24B2A8EAB6B6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{24AC3EE9-38B0-42EA-89E5-85709190F425}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{2773CB19-81A4-425F-91DD-16E0D7F1D54C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{296A393D-F6EC-441D-B2A1-6B130E03561A}" = protocol=6 | dir=in | app=d:\fscommand\cksocketserver.exe |
"{2990D2F6-AD98-451D-A707-FD709F950D89}" = dir=in | app=%systemdrive%\games\world_of_tanks\worldoftanks.exe |
"{320AD417-6193-4B39-BF83-9EB3BA00192F}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{32196E42-491C-45C9-BB9A-80D7BE86D45F}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe |
"{32D5A848-BFDB-44E8-8293-FFB0C72CF15B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39475274-CBBC-4C53-AE69-C5EE414242FA}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{3A61DFCB-A362-443A-A8D8-06ED22119EDA}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{3B41FCF2-60D2-478E-9F7F-A77C1B21DD08}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{3DE3488E-2A18-49F5-AC36-DF048F8B6F3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F2FF587-475D-4B70-94BD-91B0D634A4DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41A7D6D0-2857-4AF1-97C8-ED73DF11AAF7}" = dir=out | app=%programfiles%\riot games\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.170\deploy\league of legends.exe |
"{43D75E93-3EA6-4197-8CE3-B1B6595444C9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{4F284623-FF14-4780-B666-1BD5C11A727E}" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin |
"{51BBFB32-EE7A-446C-8933-741EAF63D643}" = protocol=6 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe |
"{52E4902E-62E6-44BB-A2D0-3253D905E3CC}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{555774F4-E103-4497-B923-A54826617F77}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{56E3732A-A2D7-4670-9A91-9F3311155D69}" = protocol=17 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe |
"{5A70B2EB-F9E6-4C1F-B85E-B8A8FC649144}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{5AF7A955-73A9-45F2-80E5-7A19BA737744}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe |
"{6010DC50-B405-43E8-A34B-DC3109F5FD00}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe |
"{605E2D23-4FE1-4756-86FD-CD7BE0D0DA6E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{630DFECE-A172-4807-B3C0-431C9C2CCEB7}" = protocol=6 | dir=out | app=system |
"{6CA2DFB1-F331-4981-8947-C939C6869E7E}" = protocol=6 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe |
"{725D7678-5580-4639-A5ED-72EA4AECB463}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe |
"{727DC954-7660-4D2A-95CC-0D37CFC473CB}" = protocol=17 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe |
"{7387148B-63EA-4529-8CA5-3D4B452AE46F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BF39177-4C6D-40D0-8D6F-8EA58D4FDF4A}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{7CF5973B-39BD-49FB-8C24-565C5F25F335}" = dir=out | app=%programfiles% (x86)\mozilla firefox\firefox.exe |
"{7F0B791C-7C33-45CE-A65A-493DB2F12E51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80B8445E-E708-4186-940A-9862A9F43E0C}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{815A5A2C-31DB-475F-9E6F-DF3D6919D4A3}" = dir=out | app=%systemdrive%\games\world_of_tanks\worldoftanks.exe |
"{8289CFD1-5490-4F17-BA99-C76EEC9532C7}" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin |
"{840AFD69-4ACD-4432-94AE-F6091DEDD5A8}" = protocol=17 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe |
"{847EF9DA-CF3E-4FA3-AA77-29BED4D1C2EB}" = protocol=17 | dir=in | app=c:\program files (x86)\teratera\tera-launcher.exe |
"{85AC32BC-3A84-4245-8F1E-43C9E614B259}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{888C473C-AD5D-4F06-B757-041500DA1415}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{8C545E6F-09AC-438F-90DB-B979177A201E}" = protocol=58 | dir=in | app=system |
"{8DB5CA90-5C60-4738-BEA9-254D73742C0E}" = protocol=6 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe |
"{8EB95353-6044-4983-AF97-CB3F67950247}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe |
"{9097D214-ED9C-424D-86E9-55FD70C4A3F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{91CA08CC-0AB1-451C-84FA-1C6AD43E1D58}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin |
"{9296CAA6-4CA4-45BF-B43E-5AFC90B95E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe |
"{93AAF2BE-9BF8-47F7-8BD8-B3C1C4F05A86}" = protocol=17 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe |
"{949502CA-F4D8-4218-B481-E063733D5C41}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe |
"{9A92BFB9-EF2C-4F76-B8A0-41F87D5A582D}" = protocol=17 | dir=in | app=d:\fscommand\cksocketserver.exe |
"{9F67BA8B-261C-4EA6-82DE-F7CBC385752C}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin |
"{9F76189A-27B8-4D14-A39D-B4A7DDB67F77}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe |
"{A37376AA-1FC1-4437-B7DB-DAEBAF5B4614}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4719768-FEF7-421C-A363-E0DEE500AD19}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013game.exe |
"{A489B7A1-F84E-4031-AFEA-85979F13E54E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe |
"{A92F3CA3-E9F4-49AD-B181-36DFE8BECD0D}" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin |
"{A94CDAD2-C27A-4E64-9E44-D0F2072C2687}" = dir=in | app=%programfiles%\riot games\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.170\deploy\league of legends.exe |
"{A966E5E2-D90D-4925-9B24-75E251ACB77E}" = protocol=17 | dir=in | app=c:\users\damian\appdata\roaming\dropbox\bin\dropbox.exe |
"{AAEFD139-1E29-4667-A160-60F9FE036CC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF532182-7C81-4908-84B4-EFAE7465873A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 14\game\fifa14.exe |
"{B0C5247E-EA84-4FEB-BE12-1FEE82E8FA37}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\counter-strike\hl.exe |
"{B12400AD-56C6-4E2A-98B5-364FAADD942A}" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin |
"{B4133783-8B3C-46AD-A942-18C538E6896A}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{BA738D30-0999-4D74-B637-BFB7FAE46539}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BEB5479B-8C47-4F84-87B3-5982B9D7B8A4}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe |
"{CE43B043-8A5C-4A7F-B4FB-F8096AA1B774}" = protocol=17 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\launcher.exe |
"{D5F2D254-2D9E-4A70-9A46-146C5A8D711D}" = protocol=6 | dir=in | app=c:\program files\riot games\league of legends\lol.launcher.exe |
"{D652FFBC-11EC-4984-AA39-371E0FA58D94}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe |
"{E1B85541-7BF9-4CA0-B450-F905605C6BD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E30E83B1-3A1F-49FE-AE6E-601C77B324D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6BD77B6-B260-4EC2-8FD3-A6EC00183328}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E7A09099-BF0C-4FB8-8379-1D30FBEE46C5}" = dir=in | app=%programfiles% (x86)\valve\steam\steamapps\common\half-life\hl.exe |
"{E80E10AD-1397-4B12-A9BA-78864479DE09}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{E9B7649B-98F4-406B-A109-3804AFC6A08D}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\ak47im4a1\condition zero\hl.exe |
"{EABF83F8-72F2-40B8-8A43-41202D57077C}" = dir=out | app=%programfiles% (x86)\valve\steam\steamapps\common\half-life\hl.exe |
"{ED100906-27CE-4467-B7D1-375EBDE30804}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 14\game\fifa14.exe |
"{EF4D0539-1FCE-4748-8281-A70A1D503841}" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin |
"{F55653DC-ADBA-45B2-8309-721B9D00024B}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2013\farmingsimulator2013.exe |
"{F8637FE0-5275-440E-A88D-92C2AEB5DA72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8E94C7A-31D0-4170-A1CD-EDEB05097EF8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FC7C9B98-1468-4BB8-99A9-630F2563995A}" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin |
"TCP Query User{0357249D-A1ED-48CF-B7F6-12A172E91ABE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{083D2AAC-109E-4FB6-8AF6-D64FDF279698}C:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe" = protocol=6 | dir=in | app=c:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe |
"TCP Query User{0E890D26-AF66-4199-AFFF-BD36C853EE12}C:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe |
"TCP Query User{1D8AB3A1-0C7E-4896-98A7-F85E1661D70E}C:\lfs\lfs.exe" = protocol=6 | dir=in | app=c:\lfs\lfs.exe |
"TCP Query User{22B7B371-66AC-40F2-B2AA-55CA35B8B5CE}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe |
"TCP Query User{28E9F5DD-2332-4E70-B7F6-AB9ED830EB0E}C:\users\damian\desktop\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor.exe |
"TCP Query User{2B8205AD-821C-400F-A40D-16ADA9002FD8}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{3637699B-7D5B-4B7B-8FD8-E89DA29EE05A}C:\program files (x86)\valve\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"TCP Query User{4B328CA0-5434-46FC-B478-76112D48CF9E}C:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin |
"TCP Query User{58514169-12BB-4C04-B0D5-8AE9FB5DD3CF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{59F8681A-8A9D-46FF-9142-ABD24E47431E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{684EFD6C-48CA-42F5-A894-BA2490C4FCD9}C:\program files\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\stronghold crusader\stronghold crusader.exe |
"TCP Query User{7BD9AE5C-A3C6-4230-834A-974844B5BD4D}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe |
"TCP Query User{8176635D-BBEF-4B47-A141-B2D38E68014D}C:\program files (x86)\webzen\mu\main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\webzen\mu\main.exe |
"TCP Query User{93012392-8B70-4C61-8893-B569B2D63976}C:\program files (x86)\elfbot ng\navserv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe |
"TCP Query User{A1FFF28C-C003-4D6B-9D93-7FF74B208D1D}C:\users\damian\desktop\rfactor\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe |
"TCP Query User{AB4581D2-0DDD-49AB-82D9-8948BAB5270D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{C6298876-7FE0-411D-8FF1-A237411D32C4}C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe |
"TCP Query User{D32AC9AF-3F95-491B-B49C-3F75C1C8A2D2}C:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe |
"TCP Query User{D5D7AD28-4E2F-48BC-8CC7-BDBDC4A08053}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe |
"TCP Query User{D66FDDD3-D246-42AD-999E-109F17A68D58}C:\program files (x86)\teratera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teratera\tera-launcher.exe |
"TCP Query User{D73CB364-736B-4E75-AE7E-C3E69D012C8D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{E53D503C-18AC-41F1-8BBA-0029A26793BD}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"TCP Query User{E8ADE1FB-BB9F-48A9-80DF-6667D97522A9}C:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin |
"TCP Query User{ECF08855-A916-4D3B-A781-644C39D4D7F7}C:\users\damian\desktop\moje\gra\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin |
"TCP Query User{EE4B5DFA-2086-4D65-9798-637274FC6C7A}C:\users\damian\desktop\lfs\lfs.exe" = protocol=6 | dir=in | app=c:\users\damian\desktop\lfs\lfs.exe |
"TCP Query User{F272BDE4-88B4-4942-9C45-3D99B991032B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{FBCEE427-E09F-4B63-95A4-9B951DF5E144}C:\users\damian\desktop\moje\gra\yitian2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin |
"UDP Query User{043C931D-B6E7-44E7-B025-F712F069F8F6}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"UDP Query User{0BD953DF-D78E-4D76-81B1-2487B87EB103}C:\program files\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\stronghold crusader\stronghold crusader.exe |
"UDP Query User{2035276C-B711-475D-A7EA-11F50D982A8C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{2A8347B1-087C-4BF4-AA5A-F4E3E80251EB}C:\users\damian\desktop\moje\gra\metin2client.bin" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\metin2client.bin |
"UDP Query User{2EC5A728-42D2-4DC7-861F-8342458185B5}C:\users\damian\desktop\moje\gra\yitian2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\gra\yitian2\metin2client.bin |
"UDP Query User{3544B80C-25F4-4348-95AA-6F8909833252}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{3E238A8F-0E92-4080-9E72-5B780759F5D0}C:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\nowy folder (2)\elfbot ng 8.60\elfbot ng\navserv.exe |
"UDP Query User{48DDB576-AB28-4704-BC2B-ACC35FFD6F38}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{4C171A17-2714-4B98-B56B-EECF8DF0532B}C:\program files (x86)\valve\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"UDP Query User{5430D235-E767-4EA3-9270-E9FF3203D683}C:\users\damian\desktop\lfs\lfs.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\lfs\lfs.exe |
"UDP Query User{5CAF9C2F-B8D7-4A0E-A06F-A89C504B5F4D}C:\program files (x86)\elfbot ng\navserv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\elfbot ng\navserv.exe |
"UDP Query User{64C6A34B-9DC4-40FF-9CCC-29C17EA1EDDB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{766FB2F2-2E90-46D2-9CE9-9A960B70285B}C:\users\damian\desktop\rfactor\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor\rfactor.exe |
"UDP Query User{83B10552-70B3-40E1-8451-492268752EE9}C:\program files (x86)\webzen\mu\main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\webzen\mu\main.exe |
"UDP Query User{8463226A-9EC2-491A-AF4E-A376F1408318}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe |
"UDP Query User{8EE2BA92-A862-45EF-9891-CF6E3DB5CE81}C:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\rfactor\rfactor\rfactor.exe |
"UDP Query User{9CCB14E3-8F95-448C-9346-773F73B11023}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe |
"UDP Query User{9F343FAE-E7AD-4EA2-99D4-32AFC292252B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{A3B47CFC-5CFA-4B18-BAC9-C6C99E3440E2}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{A771E51B-4528-4CAA-927C-44CF973FBF19}C:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\moje\vestiaots client\elfbot ng 8.60\elfbot ng\navserv.exe.exe |
"UDP Query User{B5EBAA9A-527F-45A8-BC66-F11CC52B1D29}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{C2AE1A6C-5161-4706-AB66-73BB0F02007E}C:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.763\yitian2\metin2client.bin |
"UDP Query User{C4841934-5622-4777-A3E1-51D39AC54C7B}C:\program files (x86)\teratera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teratera\tera-launcher.exe |
"UDP Query User{C9049108-0C7A-45E5-830F-CEE3C887B3BB}C:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rar$exa0.881\metin2client.bin |
"UDP Query User{D939A15B-76F1-4610-9FC6-D405CCEF1093}C:\lfs\lfs.exe" = protocol=17 | dir=in | app=c:\lfs\lfs.exe |
"UDP Query User{DB19644D-1FCF-4FD3-A079-22AF87FDEAFB}C:\users\damian\desktop\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\users\damian\desktop\rfactor\rfactor.exe |
"UDP Query User{EB159FB1-3D5F-42F1-8F05-01FE68E06820}C:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe" = protocol=17 | dir=in | app=c:\users\damian\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe |
"UDP Query User{F47A034F-0FC1-420F-B54A-029C2C31BFF7}C:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\minecraftzyczu.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{45F1F774-38B4-3CC3-BAAF-051E6D19E48E}" = Microsoft .NET Framework 4.5.1 (PLK)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6D24C5B0-958D-11E2-999F-F04DA23A5C58}" = Movie Studio Platinum 12.0 (64-bit)
"{7065E6F0-958D-11E2-B084-F04DA23A5C58}" = MSVCRT Redists
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.6
"McAfee Security Scan" = McAfee Security Scan Plus
"WinRAR archiver" = WinRAR 4.20 (64-bitowy)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{387A7BC7-577B-4FC9-8337-4DB8F7D34E55}" = MotoGP(TM)13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}" = MotoGP(TM)13
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89505A66-35F0-4401-B3AD-D077051F8698}" = Qtrax Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95140000-00AF-0415-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99759E36-8961-43DC-A7E6-4601D6AEF166}" = Windows Phone app for desktop
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A313C1BB-04A5-49FA-AA26-6C3DDD9F6C7F}" = LogMeIn Hamachi
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Polish
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5B98340-0296-11E2-8B8E-F04DA23A5C58}" = Vegas Pro 11.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DA0106A3-216E-48DE-9CF6-655DA8FC1D22}" = OpenOffice 4.0.1
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v3.00
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"Battle.net" = Battle.net
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.0.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"DriverDoc_is1" = DriverDoc
"FarmingSimulator2013INT_is1" = Farming Simulator 2013
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.2
"Hearthstone" = Hearthstone
"Hermes_ponadgim_2013" = Hermes_ponadgim_2013
"Host OpenAL" = Host OpenAL
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 28.0 (x86 pl)" = Mozilla Firefox 28.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3
"'MX vs ATV Reflex'_is1" = 'MX vs ATV Reflex' (Ŕíăëčéńęŕ˙ âĺđńč˙)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"ST6UNST #1" = HLTooLz
"The Elder Scrolls V Skyrim_is1" = The Elder Scrolls V Skyrim
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"xxxxxxxxxxxxx-Pearson" = Market Leader Elementary 3rd Edition
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1916465668-3720097953-3934798095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GG" = GG
"Hoolapp Packages" = Hoolapp Packages
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2014-05-05 04:16:06 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-05 07:43:46 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-05 14:34:54 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-06 03:59:59 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-06 13:10:04 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-06 15:08:18 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-06 15:22:07 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-06 16:15:38 | Computer Name = Damian-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: setup.exe_Sony PC Companion, wersja:
 17.0.0.717, sygnatura czasowa: 0x4cab8cfa  Nazwa modułu powodującego błąd: StructuredQuery.dll,
 wersja: 7.0.7601.17514, sygnatura czasowa: 0x4ce7ba03  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x00012146  Identyfikator procesu powodującego błąd: 0x1708  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cf696794d6549a  Ścieżka aplikacji powodującej błąd:
 C:\Users\Damian\AppData\Local\Temp\{DD864879-74BF-4BEC-BC52-EBB68CF4000C}\setup.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\System32\StructuredQuery.dll  Identyfikator
raportu: 2fd6ae78-d55b-11e3-a704-bc5ff41c6219
 
Error - 2014-05-07 03:45:58 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-08 03:45:59 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2014-05-08 04:29:32 | Computer Name = Damian-Komputer | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 2012-12-07 10:23:46 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 15:23:35 - Błąd podczas nawiązywania połączenia z Internetem.  15:23:35
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-12-12 09:26:14 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 14:26:14 - Błąd podczas nawiązywania połączenia z Internetem.  14:26:14
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-12-12 09:26:24 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 14:26:19 - Błąd podczas nawiązywania połączenia z Internetem.  14:26:19
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-06-11 05:42:51 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 11:42:45 - Błąd podczas nawiązywania połączenia z Internetem.  11:42:45
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-06-16 13:24:34 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 19:24:34 - Nie można pobrać pakietu Directory (Błąd: Połączenie podstawowe
 zostało zakończone: Wystąpił nieoczekiwany błąd przy odbiorze.)  
 
Error - 2013-07-31 04:40:09 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 10:40:00 - Błąd podczas nawiązywania połączenia z Internetem.  10:40:00
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-07-31 06:39:38 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 12:39:33 - Błąd podczas nawiązywania połączenia z Internetem.  12:39:33
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-07-31 07:40:05 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 13:40:02 - Błąd podczas nawiązywania połączenia z Internetem.  13:40:02
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-07-31 08:40:26 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 14:40:26 - Błąd podczas nawiązywania połączenia z Internetem.  14:40:26
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-07-31 08:40:32 | Computer Name = Damian-Komputer | Source = MCUpdate | ID = 0
Description = 14:40:31 - Błąd podczas nawiązywania połączenia z Internetem.  14:40:31
 -     Nie można skontaktować się z serwerem..  
 
[ System Events ]
Error - 2014-05-06 13:08:11 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys)
 z powodu następującego błędu:   %%1058
 
Error - 2014-05-06 13:09:54 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
 z usługą Update WiseEnhance.
 
Error - 2014-05-06 13:09:54 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Update WiseEnhance z powodu następującego
 błędu:   %%1053
 
Error - 2014-05-06 15:05:43 | Computer Name = Damian-Komputer | Source = DCOM | ID = 10010
Description =
 
Error - 2014-05-06 15:07:02 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys)
 z powodu następującego błędu:   %%1058
 
Error - 2014-05-06 15:20:24 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys)
 z powodu następującego błędu:   %%1058
 
Error - 2014-05-07 03:44:17 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys)
 z powodu następującego błędu:   %%1058
 
Error - 2014-05-07 18:04:22 | Computer Name = Damian-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
 można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.
 
Error - 2014-05-08 03:44:14 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys)
 z powodu następującego błędu:   %%1058
 
Error - 2014-05-08 04:27:49 | Computer Name = Damian-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldrx64.sys)
 z powodu następującego błędu:   %%1058
 
 
< End of report >[/log]
 

Guest
commented

In the meantime, while you wait for someone knowledgeable to look at the logs, use AdwCleaner and remove everything it finds, and use CCleaner as well.

Zayfi
commented

The Extras.txt report from OTL is missing. Please add it.

Adain
commented

Done.

Zayfi
commented (edited)

Slow performance, you say? Then start by uninstalling Avast.

A side effect of using GMER is that the disk's transfer mode gets switched to PIO. That has to be reverted and set back to DMA.

Adain
commented (edited)

I would like to know what you just wrote to me, but unfortunately I don't; please use language "for beginners" :P

I take back the above. I searched online and checked: the disk is still running in DMA mode.

Zayfi
commented
I take back the above. I searched online and checked: the disk is still running in DMA mode.

Then get rid of Avast and check how the system runs. I repeat, there is no infection.
