Stale wgrywający się wirus na przenośne urządzenie usb

**Posty:** 4 · przez **marian43** 07 Wrz 2011, 15:17

witam!
z góry przepraszam za kompletne nie obeznanie w temacie, licząc na to że ktoś mi jednak pomoże z moim problemem
mam problem z wgrywającym się wirusem na urządzenie usb
prawdopodobnie złapałem jakiś "syf" podłączając się do komputera w punkcie ksero bądź innym, niestety tryb mojego życia wymaga ciągłego podłączania się do innych komputerów co niestety kończy się tragicznie...

problem wygląda nastepująco:
kiedy podłączam urządzenie, ESET NOD32 wykrywa wirusa opisywanego jako delf.nht na dysku przenośnym
dysk próbowałem formatować jednak za każdym ponownym włożeniem dysku wirus powraca na urządzenie tworząc dwa podejrzane katalogi

czytałem sporo o problemach związanych z wirusami na dyskach przenośnych
próbowałem uruchomić 'msconfig' i w zakładce 'uruchamianie' widzę 'windowslogn' którego producent jest nieznany, próbowałem odznaczyć i uruchomić ponownie komputer jednak za każdym razem automatycznie ta opcja się zaznacza

aha, dodam że używam windows 7

będę wdzięczny za pomoc
z góry dziękuje i pozdrawiam

**Posty:** 18165 · przez **wojtas** 07 Wrz 2011, 16:14

Proszę zastosować się do obowiązkowych zasad w dziale bezpieczeństwo
- wstaw wymagane logi
- wrzuć logi na forum w tagach code lub na www.wklej.org
- do tego Przy podpiętym urządzeniu przenośnym (pendrive, telefon - to co jest podłączane do komputera, to co masz zainfekowane) , uruchom USBFIX z opcji Listing i pokaż raport na forum.

**Posty:** 4 · przez **marian43** 08 Wrz 2011, 00:01

1. sptd "powiedział" mi że nie nie znalazł sptd.sys

2. system 64 bitowy

3. otl txt

Kod: Zaznacz wszystko: OTL logfile created on: 2011-09-07 23:37:45 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Groov\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,40 Gb Available Physical Memory | 19,92% Memory free 4,00 Gb Paging File | 1,96 Gb Available in Paging File | 48,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 52,80 Gb Total Space | 4,93 Gb Free Space | 9,35% Space Free | Partition Type: NTFS Drive D: | 180,08 Gb Total Space | 72,79 Gb Free Space | 40,42% Space Free | Partition Type: NTFS Drive F: | 971,11 Mb Total Space | 450,84 Mb Free Space | 46,43% Space Free | Partition Type: FAT Computer Name: HP | User Name: Groov | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-09-07 23:35:32 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Groov\Downloads\OTL.exe PRC - [2011-08-15 17:00:53 | 000,828,928 | ---- | M] () -- C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe PRC - [2011-07-06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-05-25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Groov\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011-05-21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010-10-27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe PRC - [2010-08-20 10:49:04 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe PRC - [2010-08-20 10:49:04 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2007-04-20 21:36:34 | 000,966,656 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-09-03 14:28:23 | 000,400,440 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll MOD - [2011-09-03 14:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll MOD - [2011-09-03 14:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll MOD - [2011-09-03 14:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll MOD - [2011-09-03 14:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll MOD - [2011-09-03 12:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll MOD - [2011-09-03 12:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\APPLIC~1\130782~1.220\gcswf32.dll MOD - [2011-08-15 17:00:53 | 000,828,928 | ---- | M] () -- C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe MOD - [2010-10-27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll MOD - [2010-10-27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll MOD - [2010-10-27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll MOD - [2010-10-27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll MOD - [2010-10-27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll MOD - [2010-10-27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll MOD - [2010-10-27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll MOD - [2010-10-27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll MOD - [2010-10-27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll MOD - [2010-10-27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll MOD - [2010-10-27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll MOD - [2008-04-16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll MOD - [2008-04-16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll MOD - [2008-04-16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll MOD - [2008-04-16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll MOD - [2008-04-16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll MOD - [2008-04-02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll MOD - [2008-04-02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll MOD - [2008-04-02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll MOD - [2007-04-20 21:36:34 | 000,966,656 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe MOD - [2007-04-20 21:34:58 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll MOD - [2007-04-20 21:34:44 | 000,198,656 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll MOD - [2007-04-20 21:34:28 | 000,409,088 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll MOD - [2007-04-20 21:34:22 | 001,108,992 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll MOD - [2007-04-20 21:33:22 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll MOD - [2007-04-20 21:33:14 | 000,333,312 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll MOD - [2007-04-20 21:32:36 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll MOD - [2007-01-20 01:36:56 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-27 23:19:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011-05-21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-04-29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011-02-18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-08-20 10:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:[b]64bit:[/b] - [2010-07-21 16:59:28 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:[b]64bit:[/b] - [2010-07-21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:[b]64bit:[/b] - [2010-05-27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2009-12-03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:[b]64bit:[/b] - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2009-04-29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:[b]64bit:[/b] - [2009-02-12 14:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV) DRV:[b]64bit:[/b] - [2009-02-12 14:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL) DRV:[b]64bit:[/b] - [2009-02-12 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf) DRV:[b]64bit:[/b] - [2008-07-26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:[b]64bit:[/b] - [2008-07-26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:[b]64bit:[/b] - [2008-07-26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV:[b]64bit:[/b] - [2008-07-26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV:[b]64bit:[/b] - [2008-03-04 02:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:[b]64bit:[/b] - [2007-07-11 02:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqRemHid.sys -- (HpqRemHid) DRV:[b]64bit:[/b] - [2006-11-18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2006-06-17 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-399209185-2997448090-2894119975-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-399209185-2997448090-2894119975-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-399209185-2997448090-2894119975-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Groov\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Groov\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-06-14 18:12:24 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [] File not found O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1002..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1003..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKLM..\RunOnce: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1002..\RunOnce: [mctadmin] File not found O4 - Startup: C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Groov\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowslogn.lnk = C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.3.1/jinstall-13-win32.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 10.79.27.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FDF446-5D14-403C-A553-FA6AC792D482}: DhcpNameServer = 62.179.1.63 62.179.1.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3FE5D5-C8A0-4EBC-B66C-8F868B82FE65}: DhcpNameServer = 192.168.1.1 10.79.27.100 O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-09-07 23:32:04 | 000,526,392 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2011-09-07 16:20:41 | 000,000,000 | ---D | C] -- C:\UsbFix [2011-09-07 14:59:32 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011-09-07 14:54:08 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Malwarebytes [2011-09-07 14:53:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011-09-07 14:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-09-07 14:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-09-07 14:53:52 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011-09-07 14:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011-09-07 14:19:03 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Local\ESET [2011-09-03 22:23:14 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Local\LogiShrd [2011-09-03 22:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2011-09-03 22:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2011-09-03 22:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd [2011-08-31 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\GameRanger [2011-08-29 23:34:55 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2011-08-29 23:34:55 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quake III Arena [2011-08-24 01:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena [2011-08-24 01:50:48 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe [2011-08-16 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Guitar Pro 6 [2011-08-16 22:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6 [2011-08-16 22:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6 [2011-08-15 19:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NO1 DVD Audio Ripper [2011-08-15 18:52:53 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\PgcEdit [2011-08-15 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Groov\Documents\Streaming Video Recorder [2011-08-15 17:01:08 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Apowersoft [2011-08-15 17:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft [2011-08-15 17:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft [2011-08-15 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Local\Temporary system [2011-08-11 03:01:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011-08-11 03:01:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011-08-11 03:01:16 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011-08-11 03:01:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011-08-11 03:01:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011-08-11 03:01:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011-08-11 03:01:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011-08-11 03:01:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011-08-11 03:01:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011-08-10 11:55:37 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011-08-10 11:55:37 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011-08-10 11:55:36 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011-08-10 11:55:36 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011-08-10 11:55:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011-08-10 11:55:36 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011-08-10 11:55:36 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011-08-10 11:55:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011-08-10 11:55:35 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011-08-10 11:55:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011-08-10 11:55:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011-08-10 11:55:23 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011-08-10 11:55:23 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011-08-10 11:55:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011-08-10 11:55:22 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011-08-10 11:55:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011-08-10 11:55:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011-08-10 11:55:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011-08-10 11:55:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011-08-10 11:55:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011-08-10 11:55:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011-08-10 11:55:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011-08-10 11:55:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011-08-10 11:55:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011-08-10 11:55:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011-08-10 11:55:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011-08-10 11:55:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011-08-10 11:55:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011-08-10 11:55:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011-08-10 11:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011-08-10 11:55:06 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011-08-10 11:55:04 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011-08-10 11:55:03 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011-08-09 01:41:43 | 000,000,000 | ---D | C] -- C:\Users\Groov\Documents\VideoPad Projects [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-09-07 23:43:14 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1003UA.job [2011-09-07 23:43:14 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1003Core.job [2011-09-07 23:40:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-09-07 23:40:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-09-07 23:32:07 | 000,526,392 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2011-09-07 23:15:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1000UA.job [2011-09-07 23:12:03 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1001UA.job [2011-09-07 23:12:03 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1000Core.job [2011-09-07 23:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-09-07 15:05:53 | 000,001,282 | ---- | M] () -- C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowslogn.lnk [2011-09-07 15:01:14 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys [2011-09-07 14:53:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-09-07 10:00:43 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1001Core.job [2011-09-04 21:57:30 | 006,955,128 | ---- | M] () -- C:\Users\Groov\Desktop\undead_god.mp3 [2011-09-03 22:01:28 | 001,531,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-09-03 22:01:28 | 000,690,444 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-09-03 22:01:28 | 000,609,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-09-03 22:01:28 | 000,132,596 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-09-03 22:01:28 | 000,104,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-09-03 22:00:35 | 000,002,359 | ---- | M] () -- C:\Users\Groov\Desktop\Google Chrome.lnk [2011-08-31 22:51:26 | 000,001,032 | ---- | M] () -- C:\Users\Groov\Desktop\GameRanger.lnk [2011-08-24 15:29:18 | 000,006,144 | ---- | M] () -- C:\Users\Groov\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-08-22 19:46:50 | 007,625,376 | ---- | M] () -- C:\Users\Groov\Desktop\slipknotsic_cover_unmixed.mp3 [2011-08-22 19:24:36 | 001,636,626 | ---- | M] () -- C:\Users\Groov\Desktop\samplesk.mp3 [2011-08-15 17:01:08 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-09-07 14:53:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-09-04 21:57:20 | 006,955,128 | ---- | C] () -- C:\Users\Groov\Desktop\undead_god.mp3 [2011-08-31 22:51:26 | 000,001,032 | ---- | C] () -- C:\Users\Groov\Desktop\GameRanger.lnk [2011-08-31 22:51:26 | 000,001,018 | ---- | C] () -- C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [2011-08-22 19:46:31 | 007,625,376 | ---- | C] () -- C:\Users\Groov\Desktop\slipknotsic_cover_unmixed.mp3 [2011-08-22 19:24:36 | 001,636,626 | ---- | C] () -- C:\Users\Groov\Desktop\samplesk.mp3 [2011-08-15 17:01:08 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk [2011-08-15 17:00:58 | 000,001,282 | ---- | C] () -- C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowslogn.lnk [2011-08-12 22:34:36 | 003,665,831 | ---- | C] () -- C:\Users\Groov\Desktop\tank_top_mockup.psd [2011-08-09 15:01:19 | 000,006,144 | ---- | C] () -- C:\Users\Groov\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-07-01 15:48:47 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2011-06-14 13:48:16 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011-06-14 13:48:16 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011-06-14 13:48:16 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011-06-14 13:47:10 | 000,027,065 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011-05-15 19:58:21 | 000,042,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2011-05-15 19:57:49 | 001,565,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007-06-28 12:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2007-06-28 12:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini [color=#E56717]========== LOP Check ==========[/color] [2011-06-14 18:51:59 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\.wtw [2011-08-15 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Apowersoft [2011-08-02 01:19:51 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Canneverbe Limited [2011-09-07 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Dropbox [2011-09-07 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\foobar2000 [2011-08-31 22:51:25 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\GameRanger [2011-07-09 02:29:20 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\gtk-2.0 [2011-08-16 23:04:28 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Guitar Pro 6 [2011-06-14 18:16:58 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\IrfanView [2011-06-19 15:42:12 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Mp3 Tag Express [2011-08-15 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\PgcEdit [2011-09-07 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\uTorrent [2009-07-14 07:08:49 | 000,021,238 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >

4. extras.txt

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-09-07 23:37:45 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Groov\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,40 Gb Available Physical Memory | 19,92% Memory free 4,00 Gb Paging File | 1,96 Gb Available in Paging File | 48,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 52,80 Gb Total Space | 4,93 Gb Free Space | 9,35% Space Free | Partition Type: NTFS Drive D: | 180,08 Gb Total Space | 72,79 Gb Free Space | 40,42% Space Free | Partition Type: NTFS Drive F: | 971,11 Mb Total Space | 450,84 Mb Free Space | 46,43% Space Free | Partition Type: FAT Computer Name: HP | User Name: Groov | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML.Groov] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [JJMP3Renamer.Add] -- "C:\Program Files (x86)\JJ MP3 Renamer\JJ MP3 Renamer.exe" "%1" (JJ Software) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [JJMP3Renamer.Add] -- "C:\Program Files (x86)\JJ MP3 Renamer\JJ MP3 Renamer.exe" "%1" (JJ Software) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW 0.8.8.2580 "{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.2.5 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D7647425-7A6F-4DC6-9F9A-71148AB424CD}" = ESET NOD32 Antivirus "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1045-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Polish "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "ALLPlayer_is1" = ALLPlayer V4.X "Diablo II" = Diablo II "foobar2000" = foobar2000 v0.9.4.3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IrfanView" = IrfanView (remove only) "JJ MP3 Renamer" = JJ MP3 Renamer 3.2.4 "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "OpenAL" = OpenAL "Quake III Arena" = Quake III Arena "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32 "ST6UNST #1" = Hero Editor V1.04 "Super Sterownik_is1" = Super Sterownik "Usbfix" = UsbFix By El Desaparecido "uTorrent" = µTorrent "VideoPad" = VideoPad Video Editor "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "Dropbox" = Dropbox "Google Chrome" = Google Chrome [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "Dropbox" = Dropbox "GameRanger" = GameRanger "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-08-01 19:09:35 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: nero.exe, wersja: 6.6.1.4, sygnatura czasowa: 0x440c8e3c Nazwa modułu powodującego błąd: msa.dll, wersja: 2.0.9.37, sygnatura czasowa: 0x43a99a60 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002a975 Identyfikator procesu powodującego błąd: 0xddc Godzina uruchomienia aplikacji powodującej błąd: 0x01cc50a00b1a53f0 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Ahead\nero\nero.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Common Files\Ahead\AudioPlugins\msa.dll Identyfikator raportu: 51e603b0-bc93-11e0-8718-001e685ad07c Error - 2011-08-01 19:17:04 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: nero.exe, wersja: 6.6.1.4, sygnatura czasowa: 0x440c8e3c Nazwa modułu powodującego błąd: msa.dll, wersja: 2.0.9.37, sygnatura czasowa: 0x43a99a60 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002a975 Identyfikator procesu powodującego błąd: 0x3c0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cc50a11df70b20 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Ahead\nero\nero.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Common Files\Ahead\AudioPlugins\msa.dll Identyfikator raportu: 5d8dc260-bc94-11e0-8718-001e685ad07c Error - 2011-08-02 14:21:49 | Computer Name = HP | Source = System Restore | ID = 8193 Description = Error - 2011-08-08 06:00:15 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MovieMaker.exe, wersja: 15.4.3508.1109, sygnatura czasowa: 0x4cda7233 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0d01b5ed Identyfikator procesu powodującego błąd: 0xebc Godzina uruchomienia aplikacji powodującej błąd: 0x01cc55b1e1237f10 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 364be900-c1a5-11e0-ac17-001e685ad07c Error - 2011-08-08 06:00:40 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MovieMaker.exe, wersja: 15.4.3508.1109, sygnatura czasowa: 0x4cda7233 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0bbab5ed Identyfikator procesu powodującego błąd: 0x9cc Godzina uruchomienia aplikacji powodującej błąd: 0x01cc55b203100940 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 454befe0-c1a5-11e0-ac17-001e685ad07c Error - 2011-08-15 11:49:30 | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Program wtw.exe w wersji 0.8.16.2818 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 60c Godzina rozpoczęcia: 01cc5b54ec07cb40 Godzina zakończenia: 9 Ścieżka aplikacji: C:\Program Files\K2T\WTW\wtw.exe Identyfikator raportu: 26f4c63d-c756-11e0-a847-001e685ad07c Error - 2011-08-23 17:13:47 | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Program ALLUpdate.exe w wersji 1.1.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 990 Godzina rozpoczęcia: 01cc61d95c7d49b0 Godzina zakończenia: 47 Ścieżka aplikacji: C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe Identyfikator raportu: c5aabb71-cdcc-11e0-8383-001e685ad07c Error - 2011-08-26 03:27:09 | Computer Name = HP | Source = System Restore | ID = 8193 Description = Error - 2011-09-03 16:22:33 | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Program ALLUpdate.exe w wersji 1.1.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: b5c Godzina rozpoczęcia: 01cc6a771dacd420 Godzina zakończenia: 7 Ścieżka aplikacji: C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe Identyfikator raportu: 6ba68ef1-d66a-11e0-81be-001e685ad07c Error - 2011-09-07 17:30:17 | Computer Name = HP | Source = VSS | ID = 8194 Description = [ System Events ] Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:27 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:51 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:51 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:51 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 21:28:56 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 21:28:56 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 21:28:56 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. < End of report >

5. usb fix (z podpiętym czytnikiem z kartą sd na którą wdziera się wirus)

Kod: Zaznacz wszystko: ############################## | UsbFix 7.058 | [Listing] User: Groov (Administrator) # HP [Hewlett-Packard HP Pavilion dv6700 Notebook PC] Updated 24/08/2011 by El Desaparecido Started at 00:03:49 | 08/09/2011 Website: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contact: contact@eldesaparecido.com CPU: AMD Turion(tm) 64 X2 Mobile Technology TL-64 CPU 2: AMD Turion(tm) 64 X2 Mobile Technology TL-64 Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1 Internet Explorer 9.0.8112.16421 Windows Firewall: Enabled RAM -> 2047 Mb C:\ (%systemdrive%) -> Fixed drive # 53 Gb (5 Mb free - 9%) [] # NTFS D:\ -> Fixed drive # 180 Gb (73 Mb free - 40%) [] # NTFS E:\ -> CD-ROM F:\ -> Removable drive # 971 Mb (451 Mb free - 46%) [] # FAT ################## | Listing | [13/06/2011 - 22:17:31 | SHD ] C:\$Recycle.Bin [26/05/2011 - 00:00:55 | SHD ] C:\Boot [20/11/2010 - 14:40:07 | RASH | 383786] C:\bootmgr [15/05/2011 - 17:51:26 | RASH | 8192] C:\BOOTSECT.BAK [16/08/2011 - 22:36:53 | HD ] C:\Config.Msi [14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings [08/08/2011 - 10:53:55 | SHD ] C:\found.000 [07/09/2011 - 15:01:14 | ASH | 1609814016] C:\hiberfil.sys [15/11/2009 - 17:03:29 | RHD ] C:\MSOCache [07/02/2010 - 23:28:06 | D ] C:\NVIDIA [07/09/2011 - 15:01:33 | ASH | 2146418688] C:\pagefile.sys [14/07/2009 - 05:20:08 | D ] C:\PerfLogs [16/08/2011 - 04:40:53 | RD ] C:\Program Files [07/09/2011 - 14:53:52 | RD ] C:\Program Files (x86) [07/09/2011 - 14:53:55 | HD ] C:\ProgramData [15/05/2011 - 17:16:07 | SHD ] C:\Recovery [13/11/2009 - 14:35:13 | A | 1643] C:\RHDSetup.log [14/06/2011 - 16:45:28 | D ] C:\Swsetup [07/09/2011 - 23:31:57 | SHD ] C:\System Volume Information [14/06/2011 - 16:45:44 | D ] C:\System.sav [13/05/2011 - 18:36:45 | D ] C:\totalcmd [07/09/2011 - 16:20:45 | D ] C:\UsbFix [08/09/2011 - 00:03:42 | A | 1931] C:\UsbFix.txt [14/06/2011 - 11:25:04 | RD ] C:\Users [07/09/2011 - 14:59:32 | D ] C:\Windows [15/05/2011 - 17:40:17 | D ] C:\Windows.old [20/09/2010 - 16:00:58 | D ] C:\WTablet [13/06/2011 - 22:17:31 | SHD ] D:\$RECYCLE.BIN [13/02/2011 - 14:12:16 | SHD ] D:\Config.Msi [19/08/2011 - 17:24:03 | D ] D:\Diablo II [05/09/2011 - 19:45:49 | D ] D:\download [19/07/2011 - 17:05:16 | D ] D:\foty [03/09/2011 - 15:02:57 | D ] D:\Gadu-Gadu 10 [16/08/2011 - 23:02:09 | D ] D:\Guitar Pro 6 [23/08/2011 - 15:47:18 | D ] D:\mp3 [30/08/2011 - 21:58:47 | D ] D:\quake3 [15/08/2011 - 23:24:01 | A | 537641248] D:\siekierzyn.avi [22/08/2011 - 19:43:56 | D ] D:\Slipknot 1998.08.15 - Omaha, NE, USA [13/11/2009 - 13:36:28 | SHD ] D:\System Volume Information [09/07/2011 - 21:17:39 | D ] D:\Transformers.2007.PL.DVDRip.XViD-M14CH0 [21/08/2011 - 23:36:08 | D ] D:\UnrealTournament [09/07/2011 - 21:18:31 | D ] D:\[torrent-y.net]Transformers.2.Revenge.Of.The.Fallen.2009.PL.DVDRip.XViD-M14CH0 [07/09/2011 - 16:22:04 | AD ] F:\Images [07/09/2011 - 16:22:04 | AD ] F:\Videos [07/09/2011 - 16:22:04 | AD ] F:\Sounds [07/09/2011 - 15:20:00 | D ] F:\music [07/09/2011 - 16:22:04 | AD ] F:\Other files [07/09/2011 - 15:35:38 | D ] F:\Coldplay ################## | E.O.F |

i właśnie chodzi o ten katalog COLDPLAY, który tworzy mi się na karcie SD a eset nod pokazuje ze jest w nim wirus a tworzy się plik 'viva la vida.exe.part'

**Posty:** 18165 · przez **wojtas** 08 Wrz 2011, 16:57

Bo Gmer jest tylko na 32 bitowe systemy

przy podpiętej karcie :

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
PRC - [2011-08-15 17:00:53 | 000,828,928 | ---- | M] () -- C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1002..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowslogn.lnk = C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.3.1/jinstall-13-win32.cab (Reg Error: Key error.)

:Files
C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe
F:\Coldplay

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie). + USBFix

**Posty:** 4 · przez **marian43** 08 Wrz 2011, 17:45

prawdopodobnie już przed robieniem ponownych logów któryś z antywirusów dał radę temu robakowi, mimo wszystko zrobiłem ponowne logi żeby ktoś mnie upewnił czy jest 'czysto'

log ze skryptem

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== No active process named windowslogn.exe was found! 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowslogn.lnk scheduled to be moved on reboot. File C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1002\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. ========== FILES ========== File\Folder C:\Users\Groov\AppData\Local\Temporary system\windowslogn.exe not found. File\Folder F:\Coldplay not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Groov ->Temp folder emptied: 3570020192 bytes ->Temporary Internet Files folder emptied: 77774251 bytes ->Java cache emptied: 2232087 bytes ->Google Chrome cache emptied: 247914029 bytes ->Flash cache emptied: 8526 bytes User: Piotr ->Temp folder emptied: 911192163 bytes ->Temporary Internet Files folder emptied: 49574850 bytes ->Google Chrome cache emptied: 241837609 bytes ->Flash cache emptied: 2909 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 17927364 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes RecycleBin emptied: 1812752321 bytes Total Files Cleaned = 6 610,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Groov ->Flash cache emptied: 0 bytes User: Piotr ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.27.0 log created on 09082011_171115 Files\Folders moved on Reboot... File\Folder C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowslogn.lnk not found! C:\Users\Groov\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...

log otl

Kod: Zaznacz wszystko: OTL logfile created on: 2011-09-08 17:27:55 - Run 2 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Groov\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,86% Memory free 4,00 Gb Paging File | 2,55 Gb Available in Paging File | 63,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 52,80 Gb Total Space | 9,64 Gb Free Space | 18,26% Space Free | Partition Type: NTFS Drive D: | 180,08 Gb Total Space | 71,45 Gb Free Space | 39,68% Space Free | Partition Type: NTFS Drive F: | 971,11 Mb Total Space | 453,00 Mb Free Space | 46,65% Space Free | Partition Type: FAT Computer Name: HP | User Name: Groov | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-09-07 23:35:32 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Groov\Downloads\OTL.exe PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-06-14 17:40:55 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2011-05-25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Groov\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011-05-21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010-10-27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe PRC - [2010-08-20 10:49:04 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe PRC - [2010-08-20 10:49:04 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2007-04-20 21:36:34 | 000,966,656 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-09-03 14:28:23 | 000,400,440 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll MOD - [2011-09-03 14:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll MOD - [2011-09-03 14:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll MOD - [2011-09-03 14:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll MOD - [2011-09-03 14:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Groov\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll MOD - [2010-10-27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll MOD - [2010-10-27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll MOD - [2010-10-27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll MOD - [2010-10-27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll MOD - [2010-10-27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll MOD - [2010-10-27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll MOD - [2010-10-27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll MOD - [2010-10-27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll MOD - [2010-10-27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll MOD - [2010-10-27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll MOD - [2010-10-27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll MOD - [2008-04-16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll MOD - [2008-04-16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll MOD - [2008-04-16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll MOD - [2008-04-16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll MOD - [2008-04-16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll MOD - [2008-04-02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll MOD - [2008-04-02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll MOD - [2008-04-02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll MOD - [2007-04-20 21:36:34 | 000,966,656 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe MOD - [2007-04-20 21:34:58 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll MOD - [2007-04-20 21:34:44 | 000,198,656 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll MOD - [2007-04-20 21:34:28 | 000,409,088 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll MOD - [2007-04-20 21:34:22 | 001,108,992 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll MOD - [2007-04-20 21:33:22 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll MOD - [2007-04-20 21:33:14 | 000,333,312 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll MOD - [2007-04-20 21:32:36 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll MOD - [2007-01-20 01:36:56 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-27 23:19:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011-05-21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-04-29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-09-07 23:32:07 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011-02-18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-08-20 10:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:[b]64bit:[/b] - [2010-07-21 16:59:28 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:[b]64bit:[/b] - [2010-07-21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:[b]64bit:[/b] - [2010-05-27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2009-12-03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:[b]64bit:[/b] - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2009-04-29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:[b]64bit:[/b] - [2009-02-12 14:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV) DRV:[b]64bit:[/b] - [2009-02-12 14:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL) DRV:[b]64bit:[/b] - [2009-02-12 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf) DRV:[b]64bit:[/b] - [2008-07-26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:[b]64bit:[/b] - [2008-07-26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:[b]64bit:[/b] - [2008-07-26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV:[b]64bit:[/b] - [2008-07-26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV:[b]64bit:[/b] - [2008-03-04 02:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:[b]64bit:[/b] - [2007-07-11 02:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqRemHid.sys -- (HpqRemHid) DRV:[b]64bit:[/b] - [2006-11-18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2006-06-17 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-399209185-2997448090-2894119975-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-399209185-2997448090-2894119975-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-399209185-2997448090-2894119975-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Groov\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Groov\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-06-14 18:12:24 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1002..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-399209185-2997448090-2894119975-1003..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Groov\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.3.1/jinstall-13-win32.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 10.79.27.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FDF446-5D14-403C-A553-FA6AC792D482}: DhcpNameServer = 62.179.1.63 62.179.1.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3FE5D5-C8A0-4EBC-B66C-8F868B82FE65}: DhcpNameServer = 192.168.1.1 10.79.27.100 O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-09-08 17:11:15 | 000,000,000 | ---D | C] -- C:\_OTL [2011-09-07 16:20:41 | 000,000,000 | ---D | C] -- C:\UsbFix [2011-09-07 14:59:32 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011-09-07 14:54:08 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Malwarebytes [2011-09-07 14:53:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011-09-07 14:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-09-07 14:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-09-07 14:53:52 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011-09-07 14:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011-09-07 14:19:03 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Local\ESET [2011-09-03 22:23:14 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Local\LogiShrd [2011-09-03 22:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2011-09-03 22:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2011-09-03 22:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd [2011-08-31 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\GameRanger [2011-08-29 23:34:55 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2011-08-29 23:34:55 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quake III Arena [2011-08-24 01:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena [2011-08-24 01:50:48 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe [2011-08-16 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Guitar Pro 6 [2011-08-16 22:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6 [2011-08-16 22:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6 [2011-08-15 19:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NO1 DVD Audio Ripper [2011-08-15 18:52:53 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\PgcEdit [2011-08-15 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Groov\Documents\Streaming Video Recorder [2011-08-15 17:01:08 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Roaming\Apowersoft [2011-08-15 17:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft [2011-08-15 17:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft [2011-08-15 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Groov\AppData\Local\Temporary system [2011-08-11 03:01:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011-08-11 03:01:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011-08-11 03:01:16 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011-08-11 03:01:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011-08-11 03:01:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011-08-11 03:01:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011-08-11 03:01:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011-08-11 03:01:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011-08-11 03:01:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011-08-10 11:55:37 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011-08-10 11:55:37 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011-08-10 11:55:36 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011-08-10 11:55:36 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011-08-10 11:55:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011-08-10 11:55:36 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011-08-10 11:55:36 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011-08-10 11:55:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011-08-10 11:55:35 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011-08-10 11:55:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011-08-10 11:55:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011-08-10 11:55:23 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011-08-10 11:55:23 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011-08-10 11:55:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011-08-10 11:55:22 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011-08-10 11:55:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011-08-10 11:55:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011-08-10 11:55:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011-08-10 11:55:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011-08-10 11:55:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011-08-10 11:55:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011-08-10 11:55:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011-08-10 11:55:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011-08-10 11:55:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011-08-10 11:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011-08-10 11:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011-08-10 11:55:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011-08-10 11:55:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011-08-10 11:55:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011-08-10 11:55:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011-08-10 11:55:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011-08-10 11:55:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011-08-10 11:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011-08-10 11:55:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011-08-10 11:55:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011-08-10 11:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011-08-10 11:55:06 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011-08-10 11:55:04 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011-08-10 11:55:03 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-09-08 17:26:25 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-09-08 17:26:25 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-09-08 17:19:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-09-08 17:18:52 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys [2011-09-08 17:15:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1000UA.job [2011-09-08 17:11:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1001UA.job [2011-09-08 16:43:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1003UA.job [2011-09-08 12:01:31 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1001Core.job [2011-09-07 23:43:14 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1003Core.job [2011-09-07 23:32:07 | 000,526,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011-09-07 23:12:03 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399209185-2997448090-2894119975-1000Core.job [2011-09-07 14:53:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-09-04 21:57:30 | 006,955,128 | ---- | M] () -- C:\Users\Groov\Desktop\undead_god.mp3 [2011-09-03 22:01:28 | 001,531,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-09-03 22:01:28 | 000,690,444 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-09-03 22:01:28 | 000,609,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-09-03 22:01:28 | 000,132,596 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-09-03 22:01:28 | 000,104,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-09-03 22:00:35 | 000,002,359 | ---- | M] () -- C:\Users\Groov\Desktop\Google Chrome.lnk [2011-08-31 22:51:26 | 000,001,032 | ---- | M] () -- C:\Users\Groov\Desktop\GameRanger.lnk [2011-08-24 15:29:18 | 000,006,144 | ---- | M] () -- C:\Users\Groov\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-08-22 19:46:50 | 007,625,376 | ---- | M] () -- C:\Users\Groov\Desktop\slipknotsic_cover_unmixed.mp3 [2011-08-22 19:24:36 | 001,636,626 | ---- | M] () -- C:\Users\Groov\Desktop\samplesk.mp3 [2011-08-15 17:01:08 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-09-07 23:32:04 | 000,526,392 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2011-09-07 14:53:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-09-04 21:57:20 | 006,955,128 | ---- | C] () -- C:\Users\Groov\Desktop\undead_god.mp3 [2011-08-31 22:51:26 | 000,001,032 | ---- | C] () -- C:\Users\Groov\Desktop\GameRanger.lnk [2011-08-31 22:51:26 | 000,001,018 | ---- | C] () -- C:\Users\Groov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [2011-08-22 19:46:31 | 007,625,376 | ---- | C] () -- C:\Users\Groov\Desktop\slipknotsic_cover_unmixed.mp3 [2011-08-22 19:24:36 | 001,636,626 | ---- | C] () -- C:\Users\Groov\Desktop\samplesk.mp3 [2011-08-15 17:01:08 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk [2011-08-12 22:34:36 | 003,665,831 | ---- | C] () -- C:\Users\Groov\Desktop\tank_top_mockup.psd [2011-08-09 15:01:19 | 000,006,144 | ---- | C] () -- C:\Users\Groov\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-07-01 15:48:47 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2011-06-14 13:48:16 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011-06-14 13:48:16 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011-06-14 13:48:16 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011-06-14 13:47:10 | 000,027,065 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011-05-15 19:58:21 | 000,042,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2011-05-15 19:57:49 | 001,565,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007-06-28 12:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2007-06-28 12:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini [color=#E56717]========== LOP Check ==========[/color] [2011-06-14 18:51:59 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\.wtw [2011-08-15 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Apowersoft [2011-08-02 01:19:51 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Canneverbe Limited [2011-09-08 17:25:41 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Dropbox [2011-09-08 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\foobar2000 [2011-08-31 22:51:25 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\GameRanger [2011-07-09 02:29:20 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\gtk-2.0 [2011-08-16 23:04:28 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Guitar Pro 6 [2011-06-14 18:16:58 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\IrfanView [2011-06-19 15:42:12 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\Mp3 Tag Express [2011-08-15 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\PgcEdit [2011-09-08 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\Groov\AppData\Roaming\uTorrent [2009-07-14 07:08:49 | 000,022,030 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >

log otl extras

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-09-08 17:27:55 - Run 2 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Groov\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,86% Memory free 4,00 Gb Paging File | 2,55 Gb Available in Paging File | 63,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 52,80 Gb Total Space | 9,64 Gb Free Space | 18,26% Space Free | Partition Type: NTFS Drive D: | 180,08 Gb Total Space | 71,45 Gb Free Space | 39,68% Space Free | Partition Type: NTFS Drive F: | 971,11 Mb Total Space | 453,00 Mb Free Space | 46,65% Space Free | Partition Type: FAT Computer Name: HP | User Name: Groov | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML.Groov] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [JJMP3Renamer.Add] -- "C:\Program Files (x86)\JJ MP3 Renamer\JJ MP3 Renamer.exe" "%1" (JJ Software) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [JJMP3Renamer.Add] -- "C:\Program Files (x86)\JJ MP3 Renamer\JJ MP3 Renamer.exe" "%1" (JJ Software) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW 0.8.8.2580 "{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.2.5 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D7647425-7A6F-4DC6-9F9A-71148AB424CD}" = ESET NOD32 Antivirus "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1045-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Polish "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "ALLPlayer_is1" = ALLPlayer V4.X "Diablo II" = Diablo II "foobar2000" = foobar2000 v0.9.4.3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IrfanView" = IrfanView (remove only) "JJ MP3 Renamer" = JJ MP3 Renamer 3.2.4 "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "OpenAL" = OpenAL "Quake III Arena" = Quake III Arena "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32 "ST6UNST #1" = Hero Editor V1.04 "Super Sterownik_is1" = Super Sterownik "Usbfix" = UsbFix By El Desaparecido "uTorrent" = µTorrent "VideoPad" = VideoPad Video Editor "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "Dropbox" = Dropbox "Google Chrome" = Google Chrome [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-399209185-2997448090-2894119975-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "Dropbox" = Dropbox "GameRanger" = GameRanger "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-08-01 19:09:35 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: nero.exe, wersja: 6.6.1.4, sygnatura czasowa: 0x440c8e3c Nazwa modułu powodującego błąd: msa.dll, wersja: 2.0.9.37, sygnatura czasowa: 0x43a99a60 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002a975 Identyfikator procesu powodującego błąd: 0xddc Godzina uruchomienia aplikacji powodującej błąd: 0x01cc50a00b1a53f0 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Ahead\nero\nero.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Common Files\Ahead\AudioPlugins\msa.dll Identyfikator raportu: 51e603b0-bc93-11e0-8718-001e685ad07c Error - 2011-08-01 19:17:04 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: nero.exe, wersja: 6.6.1.4, sygnatura czasowa: 0x440c8e3c Nazwa modułu powodującego błąd: msa.dll, wersja: 2.0.9.37, sygnatura czasowa: 0x43a99a60 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002a975 Identyfikator procesu powodującego błąd: 0x3c0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cc50a11df70b20 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Ahead\nero\nero.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Common Files\Ahead\AudioPlugins\msa.dll Identyfikator raportu: 5d8dc260-bc94-11e0-8718-001e685ad07c Error - 2011-08-02 14:21:49 | Computer Name = HP | Source = System Restore | ID = 8193 Description = Error - 2011-08-08 06:00:15 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MovieMaker.exe, wersja: 15.4.3508.1109, sygnatura czasowa: 0x4cda7233 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0d01b5ed Identyfikator procesu powodującego błąd: 0xebc Godzina uruchomienia aplikacji powodującej błąd: 0x01cc55b1e1237f10 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 364be900-c1a5-11e0-ac17-001e685ad07c Error - 2011-08-08 06:00:40 | Computer Name = HP | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MovieMaker.exe, wersja: 15.4.3508.1109, sygnatura czasowa: 0x4cda7233 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0bbab5ed Identyfikator procesu powodującego błąd: 0x9cc Godzina uruchomienia aplikacji powodującej błąd: 0x01cc55b203100940 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 454befe0-c1a5-11e0-ac17-001e685ad07c Error - 2011-08-15 11:49:30 | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Program wtw.exe w wersji 0.8.16.2818 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 60c Godzina rozpoczęcia: 01cc5b54ec07cb40 Godzina zakończenia: 9 Ścieżka aplikacji: C:\Program Files\K2T\WTW\wtw.exe Identyfikator raportu: 26f4c63d-c756-11e0-a847-001e685ad07c Error - 2011-08-23 17:13:47 | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Program ALLUpdate.exe w wersji 1.1.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 990 Godzina rozpoczęcia: 01cc61d95c7d49b0 Godzina zakończenia: 47 Ścieżka aplikacji: C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe Identyfikator raportu: c5aabb71-cdcc-11e0-8383-001e685ad07c Error - 2011-08-26 03:27:09 | Computer Name = HP | Source = System Restore | ID = 8193 Description = Error - 2011-09-03 16:22:33 | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Program ALLUpdate.exe w wersji 1.1.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: b5c Godzina rozpoczęcia: 01cc6a771dacd420 Godzina zakończenia: 7 Ścieżka aplikacji: C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe Identyfikator raportu: 6ba68ef1-d66a-11e0-81be-001e685ad07c Error - 2011-09-07 17:30:17 | Computer Name = HP | Source = VSS | ID = 8194 Description = [ System Events ] Error - 2011-08-03 20:26:24 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:26 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:27 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:51 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:51 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. Error - 2011-08-03 20:29:51 | Computer Name = HP | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolume1. < End of report >

usb fix

Kod: Zaznacz wszystko: ############################## | UsbFix 7.058 | [Listing] User: Groov (Administrator) # HP [Hewlett-Packard HP Pavilion dv6700 Notebook PC] Updated 24/08/2011 by El Desaparecido Started at 17:42:53 | 08/09/2011 Website: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contact: contact@eldesaparecido.com CPU: AMD Turion(tm) 64 X2 Mobile Technology TL-64 CPU 2: AMD Turion(tm) 64 X2 Mobile Technology TL-64 Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1 Internet Explorer 9.0.8112.16421 Windows Firewall: Enabled RAM -> 2047 Mb C:\ (%systemdrive%) -> Fixed drive # 53 Gb (10 Mb free - 18%) [] # NTFS D:\ -> Fixed drive # 180 Gb (71 Mb free - 40%) [] # NTFS E:\ -> CD-ROM F:\ -> Removable drive # 971 Mb (453 Mb free - 47%) [] # FAT ################## | Listing | [13/06/2011 - 22:17:31 | SHD ] C:\$Recycle.Bin [26/05/2011 - 00:00:55 | SHD ] C:\Boot [20/11/2010 - 14:40:07 | RASH | 383786] C:\bootmgr [15/05/2011 - 17:51:26 | RASH | 8192] C:\BOOTSECT.BAK [16/08/2011 - 22:36:53 | HD ] C:\Config.Msi [14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings [08/08/2011 - 10:53:55 | SHD ] C:\found.000 [08/09/2011 - 17:18:52 | ASH | 1609814016] C:\hiberfil.sys [15/11/2009 - 17:03:29 | RHD ] C:\MSOCache [07/02/2010 - 23:28:06 | D ] C:\NVIDIA [08/09/2011 - 17:19:02 | ASH | 2146418688] C:\pagefile.sys [14/07/2009 - 05:20:08 | D ] C:\PerfLogs [16/08/2011 - 04:40:53 | RD ] C:\Program Files [07/09/2011 - 14:53:52 | RD ] C:\Program Files (x86) [07/09/2011 - 14:53:55 | HD ] C:\ProgramData [15/05/2011 - 17:16:07 | SHD ] C:\Recovery [13/11/2009 - 14:35:13 | A | 1643] C:\RHDSetup.log [14/06/2011 - 16:45:28 | D ] C:\Swsetup [08/09/2011 - 13:25:23 | SHD ] C:\System Volume Information [14/06/2011 - 16:45:44 | D ] C:\System.sav [13/05/2011 - 18:36:45 | D ] C:\totalcmd [07/09/2011 - 16:20:45 | D ] C:\UsbFix [08/09/2011 - 17:42:50 | A | 1933] C:\UsbFix.txt [14/06/2011 - 11:25:04 | RD ] C:\Users [07/09/2011 - 14:59:32 | D ] C:\Windows [15/05/2011 - 17:40:17 | D ] C:\Windows.old [20/09/2010 - 16:00:58 | D ] C:\WTablet [08/09/2011 - 17:11:15 | D ] C:\_OTL [13/06/2011 - 22:17:31 | SHD ] D:\$RECYCLE.BIN [13/02/2011 - 14:12:16 | SHD ] D:\Config.Msi [19/08/2011 - 17:24:03 | D ] D:\Diablo II [05/09/2011 - 19:45:49 | D ] D:\download [19/07/2011 - 17:05:16 | D ] D:\foty [03/09/2011 - 15:02:57 | D ] D:\Gadu-Gadu 10 [16/08/2011 - 23:02:09 | D ] D:\Guitar Pro 6 [23/08/2011 - 15:47:18 | D ] D:\mp3 [30/08/2011 - 21:58:47 | D ] D:\quake3 [15/08/2011 - 23:24:01 | A | 537641248] D:\siekierzyn.avi [22/08/2011 - 19:43:56 | D ] D:\Slipknot 1998.08.15 - Omaha, NE, USA [13/11/2009 - 13:36:28 | SHD ] D:\System Volume Information [09/07/2011 - 21:17:39 | D ] D:\Transformers.2007.PL.DVDRip.XViD-M14CH0 [21/08/2011 - 23:36:08 | D ] D:\UnrealTournament [09/07/2011 - 21:18:31 | D ] D:\[torrent-y.net]Transformers.2.Revenge.Of.The.Fallen.2009.PL.DVDRip.XViD-M14CH0 [07/09/2011 - 16:22:04 | AD ] F:\Images [07/09/2011 - 16:22:04 | AD ] F:\Videos [07/09/2011 - 16:22:04 | AD ] F:\Sounds [07/09/2011 - 15:20:00 | D ] F:\music [07/09/2011 - 16:22:04 | AD ] F:\Other files ################## | E.O.F |

**Posty:** 18165 · przez **wojtas** 08 Wrz 2011, 17:57

zabezpiecz komputer przed infekcją z pendriva. Odpal Usbfix i wciśnij Vaccinate.

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Java™ 6

to tyle

**Posty:** 4 · przez **marian43** 08 Wrz 2011, 18:04

dziękuje bardzo! a z tych ostatnich logów wynika, że póki co jest czysto?

tak.. bym napisał gdyby tak nie było

pozdro

Kto jest na forum