Krewna poprosiła mnie o pomoc, teraz ja proszę was
Jej komputer koszmarnie wolno chodzi pomimo niezłej konfiguracji sprzętowej. Prawdopodobnie pobrała jakiś syf przy próbie otworzenia pliku z AutoCADa... Przewinęła mi się nazwa LYRMIX. Użyłem malwarebytes anti-malware i adwcleanera, polepszały sytuację ale do restartu. Po walkach z rejestrem procesor się odciążył nieco, pamięć dalej zapchana. Proszę o sprawdzenie logów.GMER:
- Kod: Zaznacz wszystko
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-26 09:13:24
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542520K9SA00 rev.BBDOC33P 186,31GB
Running: e8ex0jqh.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- User code sections - GMER 2.1 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[976] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000762e1a9e 4 bytes [C2, 04, 00, 00]
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- Threads - GMER 2.1 ----
Thread System [4:436] fffffa8004feeb70
Thread C:\Windows\System32\svchost.exe [332:1412] 000007fefb9f2d14
Thread C:\Windows\System32\svchost.exe [332:2512] 000007fefb9f9ab4
Thread C:\Windows\system32\svchost.exe [1168:1464] 000007fefbd1c534
Thread C:\Windows\system32\svchost.exe [1168:1784] 000007fefbd1c534
Thread C:\Windows\System32\spoolsv.exe [1740:2332] 000007fef9b113dc
Thread C:\Windows\System32\spoolsv.exe [1740:2336] 000007fef9b112ac
Thread C:\Windows\System32\spoolsv.exe [1740:2368] 000007fef8901c00
Thread C:\Windows\System32\spoolsv.exe [1740:2384] 000007fef88238a0
Thread C:\Windows\System32\spoolsv.exe [1740:2392] 000007fef88bbd78
Thread C:\Windows\System32\spoolsv.exe [1740:2396] 000007fef88bc4f8
Thread C:\Windows\System32\spoolsv.exe [1740:2400] 000007fef88c6844
Thread C:\Windows\System32\spoolsv.exe [1740:2432] 000007fef97ca704
Thread C:\Windows\Explorer.EXE [1840:3008] 000007fefced2148
Thread C:\Windows\Explorer.EXE [1840:3024] 000007fef7cc1604
Thread C:\Windows\Explorer.EXE [1840:3052] 000007fef7277478
Thread C:\Windows\Explorer.EXE [1840:2240] 000007fefc7e3ee0
Thread C:\Windows\Explorer.EXE [1840:2268] 000007fef7735ce8
Thread C:\Windows\Explorer.EXE [1840:2740] 000007fef7734460
Thread C:\Windows\Explorer.EXE [1840:1800] 000007fef88bbd78
Thread C:\Windows\Explorer.EXE [1840:2876] 000007fefaa16124
Thread C:\Windows\system32\WLANExt.exe [1848:1892] 000000018000ccf8
Thread C:\Windows\system32\WLANExt.exe [1848:1896] 000000018000cd14
Thread C:\Windows\system32\WLANExt.exe [1848:1900] 000000018000ccdc
Thread C:\Windows\system32\WLANExt.exe [1848:1904] 0000000180023bf0
Thread C:\Windows\system32\WLANExt.exe [1848:1908] 000007fefaa16124
Thread C:\Windows\system32\svchost.exe [1256:1348] 000007fef9b44b64
Thread C:\Windows\system32\svchost.exe [2128:2288] 000007fef88bbd78
Thread C:\Windows\system32\svchost.exe [2128:2364] 000007fef88bc4f8
Thread C:\Windows\system32\svchost.exe [2128:2372] 000007fef88c6844
Thread C:\Windows\System32\svchost.exe [2196:2244] 000007fef90e6cbc
Thread C:\Windows\system32\SearchIndexer.exe [2220:732] 000007fef7e239f0
Thread C:\Windows\system32\taskeng.exe [2528:1612] 000007fef75da26c
Thread C:\Windows\system32\taskeng.exe [2528:2536] 000007fef75d36d0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2832:2896] 000007fefc57b8ec
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2832:2136] 000007fefaa16124
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015830f8a62
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{43e9b7d5-84f0-4114-8264-1eb0595d133b}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015830f8a62 (not active ControlSet)
---- EOF - GMER 2.1 ----
OTL.txt
- Kod: Zaznacz wszystko
OTL logfile created on: 2013-07-26 09:23:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,87 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 27,15% Memory free
3,99 Gb Paging File | 2,25 Gb Available in Paging File | 56,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 1,01 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive D: | 106,70 Gb Total Space | 103,22 Gb Free Space | 96,73% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-07-26 09:20:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013-07-09 15:27:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-06-12 09:27:49 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009-10-14 18:44:40 | 000,282,624 | R--- | M] (France Telecom SA) -- C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
PRC - [2009-10-14 17:44:38 | 000,094,208 | ---- | M] (France Telecom SA) -- C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2009-10-14 17:44:38 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2008-01-19 09:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2007-11-14 12:54:24 | 002,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files (x86)\Gadu-Gadu\gg.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-07-09 15:27:43 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-06-12 09:27:41 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2007-11-14 12:11:46 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libiax2.dll
MOD - [2007-11-14 12:11:42 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libjb.dll
MOD - [2007-10-25 13:51:16 | 000,198,656 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libcurl.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2009-05-14 15:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2008-02-26 05:09:18 | 000,851,456 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:[b]64bit:[/b] - [2008-01-19 10:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-07-09 15:27:46 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009-10-14 17:44:38 | 000,090,112 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009-03-30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-05-31 20:08:47 | 000,550,136 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013-05-06 15:00:55 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:[b]64bit:[/b] - [2013-02-12 04:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2012-02-29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-08-04 13:04:28 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2009-08-04 13:04:28 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV:[b]64bit:[/b] - [2009-05-14 15:49:52 | 000,120,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV:[b]64bit:[/b] - [2009-05-14 15:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009-05-14 15:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2009-04-22 19:28:36 | 001,388,032 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009-04-11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2008-02-26 07:53:49 | 004,222,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2008-01-19 08:47:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2008-01-19 08:38:16 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:[b]64bit:[/b] - [2007-10-12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\amdide64.sys -- (amdide64)
DRV:[b]64bit:[/b] - [2007-04-30 14:42:26 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2007-03-26 20:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2007-03-19 13:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:[b]64bit:[/b] - [2007-02-27 17:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:[b]64bit:[/b] - [2006-11-07 17:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2006-09-18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_pl
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\..\SearchScopes\{CDFC4385-841F-4CEC-8CBC-3CC0F4EFD171}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=^F4&apn_dtid=^YYYYYY^YY^NL&apn_uid=45b84007-3e00-4d56-9941-528cd8922f3d&apn_sauid=E5446D4B-966F-4B1E-A51F-9CF1DD611CB7
IE - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: SignPlugin%40pekao.pl:1.3.0.84
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-17 19:30:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-07-29 14:15:56 | 000,000,000 | ---D | M]
[2009-06-28 18:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013-07-25 19:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\qbzgdaax.default\extensions
[2011-10-16 18:50:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\qbzgdaax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-12-19 20:48:11 | 000,000,000 | ---D | M] (PEKAO S.A. Sign Plugin) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\qbzgdaax.default\extensions\SignPlugin@pekao.pl
[2012-12-13 16:49:25 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\qbzgdaax.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2013-07-25 19:37:10 | 000,002,408 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\qbzgdaax.default\searchplugins\askcom.xml
[2013-05-24 17:49:14 | 000,006,503 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\qbzgdaax.default\searchplugins\babylon.xml
[2013-05-24 17:53:36 | 000,001,294 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\qbzgdaax.default\searchplugins\delta.xml
[2013-05-25 11:15:02 | 000,009,631 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\qbzgdaax.default\searchplugins\my-web-search.xml
[2013-05-24 17:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013-05-17 09:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-07-09 15:27:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BEWINTERNET-PLSessionManager] C:\Users\user\Documents\Nowy folder\Instalacje Orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI1752_1552] C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8:[b]64bit:[/b] - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4176097981-1369824156-4142506894-1000\..Trusted Domains: pekaobiznes24.pl ([www] https in Trusted sites)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/sme/static/components/1,3,0,82/SignActivXPEKAO.cab (SignActivX Control)
O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} http://83.18.110.82:8880/activex/VideoControl.cab (VideoControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10211D78-44DA-4F66-8BA9-AF3282EF8176}: DhcpNameServer = 62.233.233.233 87.204.204.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14F43561-A761-4147-8CC1-D4FD9EC9EF46}: DhcpNameServer = 62.179.1.63 62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978B9A7F-D0B6-447A-9106-3BA5AAC48480}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{415885c5-1232-11de-bca6-c23a7ba9658b}\Shell - "" = AutoRun
O33 - MountPoints2\{415885c5-1232-11de-bca6-c23a7ba9658b}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{5f250b5a-2602-11df-a8cc-ca47bdeb418e}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{5f250b5a-2602-11df-a8cc-ca47bdeb418e}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{5f250b63-2602-11df-a8cc-ca47bdeb418e}\Shell - "" = AutoRun
O33 - MountPoints2\{5f250b63-2602-11df-a8cc-ca47bdeb418e}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{85980937-c2e1-11de-9a18-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{85980937-c2e1-11de-9a18-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{8cf7f3a0-1460-11e1-ad6f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8cf7f3a0-1460-11e1-ad6f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{96ef6252-643d-11df-ac81-a787d4e7cb8f}\Shell - "" = AutoRun
O33 - MountPoints2\{96ef6252-643d-11df-ac81-a787d4e7cb8f}\Shell\AutoRun\command - "" = F:\MicroLauncher.exe
O33 - MountPoints2\{9e6f7e53-74ea-11e2-bff6-fec9dec418b5}\Shell - "" = AutoRun
O33 - MountPoints2\{9e6f7e53-74ea-11e2-bff6-fec9dec418b5}\Shell\AutoRun\command - "" = F:\MicroLauncher.exe
O33 - MountPoints2\{cf210f74-75b0-11e2-bb8b-8fd60cb020d7}\Shell - "" = AutoRun
O33 - MountPoints2\{cf210f74-75b0-11e2-bb8b-8fd60cb020d7}\Shell\AutoRun\command - "" = F:\MicroLauncher.exe
O33 - MountPoints2\{d8d5e8a6-ccc5-11df-9f2b-cd2d6801da8d}\Shell - "" = AutoRun
O33 - MountPoints2\{d8d5e8a6-ccc5-11df-9f2b-cd2d6801da8d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f6ffcf56-74f1-11e2-9997-b3cd33c3df8a}\Shell - "" = AutoRun
O33 - MountPoints2\{f6ffcf56-74f1-11e2-9997-b3cd33c3df8a}\Shell\AutoRun\command - "" = F:\MicroLauncher.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-07-25 20:22:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013-07-25 20:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-07-25 20:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-07-25 20:22:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-07-25 20:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-07-16 09:02:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013-07-14 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Foxit Software
[2013-07-10 22:11:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-07-10 22:11:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-07-10 22:11:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-07-10 22:11:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-07-10 22:11:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-07-10 22:11:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-07-10 22:11:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-07-10 22:10:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-07-10 22:10:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-07-10 22:10:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-07-10 22:10:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-07-10 22:10:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-07-10 22:10:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-07-10 22:10:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-07-10 22:10:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-07-10 10:16:24 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013-07-10 10:16:24 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013-07-10 10:14:40 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013-07-10 10:14:37 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013-07-10 10:14:37 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013-07-10 10:14:32 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013-07-10 10:14:31 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013-07-10 10:14:31 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013-07-10 10:14:31 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013-07-10 10:14:29 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013-07-10 10:14:18 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013-07-10 10:14:16 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-07-26 09:23:10 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-07-26 08:59:41 | 000,005,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-26 08:59:41 | 000,005,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-25 21:48:06 | 000,665,272 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-07-25 21:48:06 | 000,590,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-07-25 21:48:06 | 000,128,164 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-07-25 21:48:06 | 000,102,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-07-25 21:48:04 | 001,477,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-07-25 21:00:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013-07-25 20:59:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-07-25 20:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-25 20:59:25 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2013-07-25 20:57:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-07-25 20:22:47 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-07-15 14:12:55 | 004,018,079 | ---- | M] () -- C:\Users\user\Desktop\Balice.png
[2013-07-15 10:00:07 | 000,848,255 | R--- | M] () -- C:\Users\user\Desktop\SENAT_KasetonFrezowanyLed-1.pdf
[2013-07-15 09:55:19 | 003,199,882 | ---- | M] () -- C:\Users\user\Desktop\kaseton+250x80.png
[2013-07-12 16:12:37 | 000,388,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-07-25 20:22:47 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-07-15 14:12:32 | 004,018,079 | ---- | C] () -- C:\Users\user\Desktop\Balice.png
[2013-07-15 10:02:25 | 000,848,255 | R--- | C] () -- C:\Users\user\Desktop\SENAT_KasetonFrezowanyLed-1.pdf
[2013-07-15 09:54:46 | 003,199,882 | ---- | C] () -- C:\Users\user\Desktop\kaseton+250x80.png
[2012-12-03 18:19:43 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012-12-03 18:17:20 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012-12-03 18:15:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-12-03 18:13:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011-09-06 17:51:37 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2011-01-03 21:17:15 | 000,004,096 | -H-- | C] () -- C:\Users\user\AppData\Local\keyfile3.drm
[2009-11-23 12:12:52 | 000,000,012 | ---- | C] () -- C:\Users\user\intlname.ols
[2008-03-27 20:08:15 | 000,029,696 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-02-29 23:12:20 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Roaming\AVSDVDPlayer.m3u
[2008-02-29 23:12:17 | 000,000,552 | ---- | C] () -- C:\Users\user\AppData\Local\d3d8caps.dat
[2008-02-29 20:30:55 | 000,000,732 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2006-11-02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-04-11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008-01-19 10:04:26 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013-07-25 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BabSolution
[2013-05-24 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2013-05-24 18:12:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DealPly
[2013-06-22 11:45:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\File Scout
[2013-07-14 12:29:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
[2008-03-27 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gadu-Gadu
[2008-08-16 20:09:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InterTrust
[2009-10-14 16:38:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView
[2008-07-18 11:19:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2008-08-21 18:39:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
[2012-11-16 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++
[2009-05-07 21:19:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nowe Gadu-Gadu
[2009-07-25 23:28:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.ux.pl2
[2008-08-21 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2008-02-29 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013-07-24 17:42:21 | 000,000,000 | ---D | M](C:\ProgramData\?L?L3-40C5-AD09-953C574F14BCÄL?L) -- C:\ProgramData\蜘£㺀£3-40C5-AD09-953C574F14BCÄ£㞠£
[2013-07-24 17:42:21 | 000,000,000 | ---D | M](C:\ProgramData\?L?L3-40C5-AD09-953C574F14BCÄL?L) -- C:\ProgramData\蜘£㺀£3-40C5-AD09-953C574F14BCÄ£㞠£
[2013-07-24 17:42:21 | 000,000,000 | ---D | C](C:\ProgramData\?L?L3-40C5-AD09-953C574F14BCÄL?L) -- C:\ProgramData\蜘£㺀£3-40C5-AD09-953C574F14BCÄ£㞠£
[2013-07-24 11:05:49 | 000,000,000 | ---D | M](C:\ProgramData\?o?o3-40C5-AD09-953C574F14BCÄo?o) -- C:\ProgramData\蜘ø㺀ø3-40C5-AD09-953C574F14BCÄø㞠ø
[2013-07-24 11:05:49 | 000,000,000 | ---D | M](C:\ProgramData\?o?o3-40C5-AD09-953C574F14BCÄo?o) -- C:\ProgramData\蜘ø㺀ø3-40C5-AD09-953C574F14BCÄø㞠ø
[2013-07-24 11:05:49 | 000,000,000 | ---D | C](C:\ProgramData\?o?o3-40C5-AD09-953C574F14BCÄo?o) -- C:\ProgramData\蜘ø㺀ø3-40C5-AD09-953C574F14BCÄø㞠ø
[2013-07-23 22:33:28 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʔ㺀ʔ3-40C5-AD09-953C574F14BCÄʔ㞠ʔ
[2013-07-23 22:33:28 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʔ㺀ʔ3-40C5-AD09-953C574F14BCÄʔ㞠ʔ
[2013-07-23 22:33:28 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʔ㺀ʔ3-40C5-AD09-953C574F14BCÄʔ㞠ʔ
[2013-07-23 21:23:23 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɰ㺀ɰ3-40C5-AD09-953C574F14BCÄɰ㞠ɰ
[2013-07-23 21:23:23 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɰ㺀ɰ3-40C5-AD09-953C574F14BCÄɰ㞠ɰ
[2013-07-23 21:23:23 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɰ㺀ɰ3-40C5-AD09-953C574F14BCÄɰ㞠ɰ
[2013-07-22 19:09:48 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɿ㺀ɿ3-40C5-AD09-953C574F14BCÄɿ㞠ɿ
[2013-07-22 19:09:48 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɿ㺀ɿ3-40C5-AD09-953C574F14BCÄɿ㞠ɿ
[2013-07-22 19:09:48 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɿ㺀ɿ3-40C5-AD09-953C574F14BCÄɿ㞠ɿ
[2013-07-22 15:47:53 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʘ㺀ʘ3-40C5-AD09-953C574F14BCÄʘ㞠ʘ
[2013-07-22 15:47:53 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʘ㺀ʘ3-40C5-AD09-953C574F14BCÄʘ㞠ʘ
[2013-07-22 15:47:53 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʘ㺀ʘ3-40C5-AD09-953C574F14BCÄʘ㞠ʘ
[2013-07-22 09:45:58 | 000,000,000 | ---D | M](C:\ProgramData\?·?·3-40C5-AD09-953C574F14BCÄ·?·) -- C:\ProgramData\蜘·㺀·3-40C5-AD09-953C574F14BCÄ·㞠·
[2013-07-22 09:45:58 | 000,000,000 | ---D | M](C:\ProgramData\?·?·3-40C5-AD09-953C574F14BCÄ·?·) -- C:\ProgramData\蜘·㺀·3-40C5-AD09-953C574F14BCÄ·㞠·
[2013-07-22 09:45:58 | 000,000,000 | ---D | C](C:\ProgramData\?·?·3-40C5-AD09-953C574F14BCÄ·?·) -- C:\ProgramData\蜘·㺀·3-40C5-AD09-953C574F14BCÄ·㞠·
[2013-07-20 08:33:50 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɽ㺀ɽ3-40C5-AD09-953C574F14BCÄɽ㞠ɽ
[2013-07-20 08:33:50 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɽ㺀ɽ3-40C5-AD09-953C574F14BCÄɽ㞠ɽ
[2013-07-20 08:33:50 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɽ㺀ɽ3-40C5-AD09-953C574F14BCÄɽ㞠ɽ
[2013-07-19 09:42:09 | 000,000,000 | ---D | M](C:\ProgramData\?Ú?Ú3-40C5-AD09-953C574F14BCÄÚ?Ú) -- C:\ProgramData\蜘Ú㺀Ú3-40C5-AD09-953C574F14BCÄÚ㞠Ú
[2013-07-19 09:42:09 | 000,000,000 | ---D | M](C:\ProgramData\?Ú?Ú3-40C5-AD09-953C574F14BCÄÚ?Ú) -- C:\ProgramData\蜘Ú㺀Ú3-40C5-AD09-953C574F14BCÄÚ㞠Ú
[2013-07-19 09:42:09 | 000,000,000 | ---D | C](C:\ProgramData\?Ú?Ú3-40C5-AD09-953C574F14BCÄÚ?Ú) -- C:\ProgramData\蜘Ú㺀Ú3-40C5-AD09-953C574F14BCÄÚ㞠Ú
[2013-07-18 21:34:24 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɩ㺀ɩ3-40C5-AD09-953C574F14BCÄɩ㞠ɩ
[2013-07-18 21:34:24 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɩ㺀ɩ3-40C5-AD09-953C574F14BCÄɩ㞠ɩ
[2013-07-18 21:34:24 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɩ㺀ɩ3-40C5-AD09-953C574F14BCÄɩ㞠ɩ
[2013-07-17 13:51:45 | 000,000,000 | ---D | M](C:\ProgramData\?í?í3-40C5-AD09-953C574F14BCÄí?í) -- C:\ProgramData\蜘í㺀í3-40C5-AD09-953C574F14BCÄí㞠í
[2013-07-17 13:51:45 | 000,000,000 | ---D | M](C:\ProgramData\?í?í3-40C5-AD09-953C574F14BCÄí?í) -- C:\ProgramData\蜘í㺀í3-40C5-AD09-953C574F14BCÄí㞠í
[2013-07-17 13:51:45 | 000,000,000 | ---D | C](C:\ProgramData\?í?í3-40C5-AD09-953C574F14BCÄí?í) -- C:\ProgramData\蜘í㺀í3-40C5-AD09-953C574F14BCÄí㞠í
[2013-07-17 09:16:56 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʈ㺀ʈ3-40C5-AD09-953C574F14BCÄʈ㞠ʈ
[2013-07-17 09:16:56 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʈ㺀ʈ3-40C5-AD09-953C574F14BCÄʈ㞠ʈ
[2013-07-17 09:16:56 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʈ㺀ʈ3-40C5-AD09-953C574F14BCÄʈ㞠ʈ
[2013-07-17 00:19:38 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʖ㺀ʖ3-40C5-AD09-953C574F14BCÄʖ㞠ʖ
[2013-07-17 00:19:38 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʖ㺀ʖ3-40C5-AD09-953C574F14BCÄʖ㞠ʖ
[2013-07-17 00:19:38 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʖ㺀ʖ3-40C5-AD09-953C574F14BCÄʖ㞠ʖ
[2013-07-15 13:32:10 | 000,000,000 | ---D | M](C:\ProgramData\?G?G3-40C5-AD09-953C574F14BCÄG?G) -- C:\ProgramData\蜘G㺀G3-40C5-AD09-953C574F14BCÄG㞠G
[2013-07-15 13:32:10 | 000,000,000 | ---D | M](C:\ProgramData\?G?G3-40C5-AD09-953C574F14BCÄG?G) -- C:\ProgramData\蜘G㺀G3-40C5-AD09-953C574F14BCÄG㞠G
[2013-07-15 13:32:10 | 000,000,000 | ---D | C](C:\ProgramData\?G?G3-40C5-AD09-953C574F14BCÄG?G) -- C:\ProgramData\蜘G㺀G3-40C5-AD09-953C574F14BCÄG㞠G
[2013-07-15 11:07:36 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʥ㺀ʥ3-40C5-AD09-953C574F14BCÄʥ㞠ʥ
[2013-07-15 11:07:36 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʥ㺀ʥ3-40C5-AD09-953C574F14BCÄʥ㞠ʥ
[2013-07-15 11:07:36 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʥ㺀ʥ3-40C5-AD09-953C574F14BCÄʥ㞠ʥ
[2013-07-14 11:30:48 | 000,000,000 | ---D | M](C:\ProgramData\?C?C3-40C5-AD09-953C574F14BCÄC?C) -- C:\ProgramData\蜘C㺀C3-40C5-AD09-953C574F14BCÄC㞠C
[2013-07-14 11:30:48 | 000,000,000 | ---D | M](C:\ProgramData\?C?C3-40C5-AD09-953C574F14BCÄC?C) -- C:\ProgramData\蜘C㺀C3-40C5-AD09-953C574F14BCÄC㞠C
[2013-07-14 11:30:48 | 000,000,000 | ---D | C](C:\ProgramData\?C?C3-40C5-AD09-953C574F14BCÄC?C) -- C:\ProgramData\蜘C㺀C3-40C5-AD09-953C574F14BCÄC㞠C
[2013-07-12 16:38:19 | 000,000,000 | ---D | M](C:\ProgramData\?0?03-40C5-AD09-953C574F14BCÄ0?0) -- C:\ProgramData\蜘0㺀03-40C5-AD09-953C574F14BCÄ0㞠0
[2013-07-12 16:38:19 | 000,000,000 | ---D | M](C:\ProgramData\?0?03-40C5-AD09-953C574F14BCÄ0?0) -- C:\ProgramData\蜘0㺀03-40C5-AD09-953C574F14BCÄ0㞠0
[2013-07-12 16:38:19 | 000,000,000 | ---D | C](C:\ProgramData\?0?03-40C5-AD09-953C574F14BCÄ0?0) -- C:\ProgramData\蜘0㺀03-40C5-AD09-953C574F14BCÄ0㞠0
[2013-07-12 16:15:00 | 000,000,000 | ---D | M](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘à㺀à3-40C5-AD09-953C574F14BCÄà㞠à
[2013-07-12 16:15:00 | 000,000,000 | ---D | M](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘à㺀à3-40C5-AD09-953C574F14BCÄà㞠à
[2013-07-12 16:15:00 | 000,000,000 | ---D | C](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘à㺀à3-40C5-AD09-953C574F14BCÄà㞠à
[2013-07-10 17:16:48 | 000,000,000 | ---D | M](C:\ProgramData\?A?A3-40C5-AD09-953C574F14BCÄA?A) -- C:\ProgramData\蜘Æ㺀Æ3-40C5-AD09-953C574F14BCÄÆ㞠Æ
[2013-07-10 17:16:48 | 000,000,000 | ---D | M](C:\ProgramData\?A?A3-40C5-AD09-953C574F14BCÄA?A) -- C:\ProgramData\蜘Æ㺀Æ3-40C5-AD09-953C574F14BCÄÆ㞠Æ
[2013-07-10 17:16:48 | 000,000,000 | ---D | C](C:\ProgramData\?A?A3-40C5-AD09-953C574F14BCÄA?A) -- C:\ProgramData\蜘Æ㺀Æ3-40C5-AD09-953C574F14BCÄÆ㞠Æ
[2013-07-10 09:01:17 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɱ㺀ɱ3-40C5-AD09-953C574F14BCÄɱ㞠ɱ
[2013-07-10 09:01:17 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɱ㺀ɱ3-40C5-AD09-953C574F14BCÄɱ㞠ɱ
[2013-07-10 09:01:17 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɱ㺀ɱ3-40C5-AD09-953C574F14BCÄɱ㞠ɱ
[2013-07-09 08:26:05 | 000,000,000 | ---D | M](C:\ProgramData\?ä?ä3-40C5-AD09-953C574F14BCÄä?ä) -- C:\ProgramData\蜘ä㺀ä3-40C5-AD09-953C574F14BCÄä㞠ä
[2013-07-09 08:26:05 | 000,000,000 | ---D | M](C:\ProgramData\?ä?ä3-40C5-AD09-953C574F14BCÄä?ä) -- C:\ProgramData\蜘ä㺀ä3-40C5-AD09-953C574F14BCÄä㞠ä
[2013-07-09 08:26:05 | 000,000,000 | ---D | C](C:\ProgramData\?ä?ä3-40C5-AD09-953C574F14BCÄä?ä) -- C:\ProgramData\蜘ä㺀ä3-40C5-AD09-953C574F14BCÄä㞠ä
[2013-07-06 16:18:14 | 000,000,000 | ---D | M](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘å㺀å3-40C5-AD09-953C574F14BCÄå㞠å
[2013-07-06 16:18:14 | 000,000,000 | ---D | M](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘å㺀å3-40C5-AD09-953C574F14BCÄå㞠å
[2013-07-06 16:18:14 | 000,000,000 | ---D | C](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘å㺀å3-40C5-AD09-953C574F14BCÄå㞠å
[2013-07-06 13:11:02 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ɇ㺀Ɇ3-40C5-AD09-953C574F14BCÄɆ㞠Ɇ
[2013-07-06 13:11:02 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ɇ㺀Ɇ3-40C5-AD09-953C574F14BCÄɆ㞠Ɇ
[2013-07-06 13:11:02 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ɇ㺀Ɇ3-40C5-AD09-953C574F14BCÄɆ㞠Ɇ
[2013-07-06 11:18:04 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʇ㺀ʇ3-40C5-AD09-953C574F14BCÄʇ㞠ʇ
[2013-07-06 11:18:04 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʇ㺀ʇ3-40C5-AD09-953C574F14BCÄʇ㞠ʇ
[2013-07-06 11:18:04 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʇ㺀ʇ3-40C5-AD09-953C574F14BCÄʇ㞠ʇ
[2013-07-04 06:54:27 | 000,000,000 | ---D | M](C:\ProgramData\?.?.3-40C5-AD09-953C574F14BCÄ.?) -- C:\ProgramData\蜘.㺀.3-40C5-AD09-953C574F14BCÄ.㞠
[2013-07-04 06:54:27 | 000,000,000 | ---D | M](C:\ProgramData\?.?.3-40C5-AD09-953C574F14BCÄ.?) -- C:\ProgramData\蜘.㺀.3-40C5-AD09-953C574F14BCÄ.㞠
[2013-07-04 06:54:27 | 000,000,000 | ---D | C](C:\ProgramData\?.?.3-40C5-AD09-953C574F14BCÄ.?) -- C:\ProgramData\蜘.㺀.3-40C5-AD09-953C574F14BCÄ.㞠
[2013-07-02 21:14:18 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʚ㺀ʚ3-40C5-AD09-953C574F14BCÄʚ㞠ʚ
[2013-07-02 21:14:18 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʚ㺀ʚ3-40C5-AD09-953C574F14BCÄʚ㞠ʚ
[2013-07-02 21:14:18 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʚ㺀ʚ3-40C5-AD09-953C574F14BCÄʚ㞠ʚ
[2013-07-02 11:04:53 | 000,000,000 | ---D | M](C:\ProgramData\?e?e3-40C5-AD09-953C574F14BCÄe?e) -- C:\ProgramData\蜘ė㺀ė3-40C5-AD09-953C574F14BCÄė㞠ė
[2013-07-02 11:04:53 | 000,000,000 | ---D | M](C:\ProgramData\?e?e3-40C5-AD09-953C574F14BCÄe?e) -- C:\ProgramData\蜘ė㺀ė3-40C5-AD09-953C574F14BCÄė㞠ė
[2013-07-02 11:04:53 | 000,000,000 | ---D | C](C:\ProgramData\?e?e3-40C5-AD09-953C574F14BCÄe?e) -- C:\ProgramData\蜘ė㺀ė3-40C5-AD09-953C574F14BCÄė㞠ė
[2013-07-01 09:50:54 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɲ㺀ɲ3-40C5-AD09-953C574F14BCÄɲ㞠ɲ
[2013-07-01 09:50:54 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɲ㺀ɲ3-40C5-AD09-953C574F14BCÄɲ㞠ɲ
[2013-07-01 09:50:54 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɲ㺀ɲ3-40C5-AD09-953C574F14BCÄɲ㞠ɲ
[2013-06-25 19:55:01 | 000,000,000 | ---D | M](C:\ProgramData\?i?i3-40C5-AD09-953C574F14BCÄi?i) -- C:\ProgramData\蜘i㺀i3-40C5-AD09-953C574F14BCÄi㞠i
[2013-06-25 19:55:01 | 000,000,000 | ---D | M](C:\ProgramData\?i?i3-40C5-AD09-953C574F14BCÄi?i) -- C:\ProgramData\蜘i㺀i3-40C5-AD09-953C574F14BCÄi㞠i
[2013-06-25 12:27:10 | 000,000,000 | ---D | M](C:\ProgramData\?U?U3-40C5-AD09-953C574F14BCÄU?U) -- C:\ProgramData\蜘U㺀U3-40C5-AD09-953C574F14BCÄU㞠U
[2013-06-25 12:27:10 | 000,000,000 | ---D | M](C:\ProgramData\?U?U3-40C5-AD09-953C574F14BCÄU?U) -- C:\ProgramData\蜘U㺀U3-40C5-AD09-953C574F14BCÄU㞠U
[2013-06-24 19:44:32 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɮ㺀ɮ3-40C5-AD09-953C574F14BCÄɮ㞠ɮ
[2013-06-24 19:44:32 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɮ㺀ɮ3-40C5-AD09-953C574F14BCÄɮ㞠ɮ
[2013-06-24 09:13:59 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɹ㺀ɹ3-40C5-AD09-953C574F14BCÄɹ㞠ɹ
[2013-06-24 09:13:59 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɹ㺀ɹ3-40C5-AD09-953C574F14BCÄɹ㞠ɹ
[2013-06-24 08:34:47 | 000,000,000 | ---D | M](C:\ProgramData\?[?[3-40C5-AD09-953C574F14BCÄ[?[) -- C:\ProgramData\蜘[㺀[3-40C5-AD09-953C574F14BCÄ[㞠[
[2013-06-24 08:34:47 | 000,000,000 | ---D | M](C:\ProgramData\?[?[3-40C5-AD09-953C574F14BCÄ[?[) -- C:\ProgramData\蜘[㺀[3-40C5-AD09-953C574F14BCÄ[㞠[
[2013-06-22 10:45:36 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȼ㺀Ȼ3-40C5-AD09-953C574F14BCÄȻ㞠Ȼ
[2013-06-22 10:45:36 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȼ㺀Ȼ3-40C5-AD09-953C574F14BCÄȻ㞠Ȼ
[2013-06-20 22:24:09 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɕ㺀ɕ3-40C5-AD09-953C574F14BCÄɕ㞠ɕ
[2013-06-20 22:24:09 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɕ㺀ɕ3-40C5-AD09-953C574F14BCÄɕ㞠ɕ
[2013-06-19 14:54:21 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɳ㺀ɳ3-40C5-AD09-953C574F14BCÄɳ㞠ɳ
[2013-06-19 14:54:21 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɳ㺀ɳ3-40C5-AD09-953C574F14BCÄɳ㞠ɳ
[2013-06-19 10:28:03 | 000,000,000 | ---D | M](C:\ProgramData\?$?$3-40C5-AD09-953C574F14BCÄ$?$) -- C:\ProgramData\蜘$㺀$3-40C5-AD09-953C574F14BCÄ$㞠$
[2013-06-19 10:28:03 | 000,000,000 | ---D | M](C:\ProgramData\?$?$3-40C5-AD09-953C574F14BCÄ$?$) -- C:\ProgramData\蜘$㺀$3-40C5-AD09-953C574F14BCÄ$㞠$
[2013-06-18 11:11:38 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȭ㺀Ȭ3-40C5-AD09-953C574F14BCÄȬ㞠Ȭ
[2013-06-18 11:11:38 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȭ㺀Ȭ3-40C5-AD09-953C574F14BCÄȬ㞠Ȭ
[2013-06-18 08:18:38 | 000,000,000 | ---D | M](C:\ProgramData\?Z?Z3-40C5-AD09-953C574F14BCÄZ?Z) -- C:\ProgramData\蜘Z㺀Z3-40C5-AD09-953C574F14BCÄZ㞠Z
[2013-06-18 08:18:38 | 000,000,000 | ---D | M](C:\ProgramData\?Z?Z3-40C5-AD09-953C574F14BCÄZ?Z) -- C:\ProgramData\蜘Z㺀Z3-40C5-AD09-953C574F14BCÄZ㞠Z
[2013-06-17 11:39:20 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɉ㺀ɉ3-40C5-AD09-953C574F14BCÄɉ㞠ɉ
[2013-06-17 11:39:20 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɉ㺀ɉ3-40C5-AD09-953C574F14BCÄɉ㞠ɉ
[2013-06-16 09:55:07 | 000,000,000 | ---D | M](C:\ProgramData\?f?f3-40C5-AD09-953C574F14BCÄf?f) -- C:\ProgramData\蜘f㺀f3-40C5-AD09-953C574F14BCÄf㞠f
[2013-06-16 09:55:07 | 000,000,000 | ---D | M](C:\ProgramData\?f?f3-40C5-AD09-953C574F14BCÄf?f) -- C:\ProgramData\蜘f㺀f3-40C5-AD09-953C574F14BCÄf㞠f
[2013-06-15 10:18:49 | 000,000,000 | ---D | M](C:\ProgramData\?&?&3-40C5-AD09-953C574F14BCÄ&?&) -- C:\ProgramData\蜘&㺀&3-40C5-AD09-953C574F14BCÄ&㞠&
[2013-06-15 10:18:49 | 000,000,000 | ---D | M](C:\ProgramData\?&?&3-40C5-AD09-953C574F14BCÄ&?&) -- C:\ProgramData\蜘&㺀&3-40C5-AD09-953C574F14BCÄ&㞠&
[2013-06-14 18:02:00 | 000,000,000 | ---D | M](C:\ProgramData\?(?(3-40C5-AD09-953C574F14BCÄ(?() -- C:\ProgramData\蜘(㺀(3-40C5-AD09-953C574F14BCÄ(㞠(
[2013-06-14 18:02:00 | 000,000,000 | ---D | M](C:\ProgramData\?(?(3-40C5-AD09-953C574F14BCÄ(?() -- C:\ProgramData\蜘(㺀(3-40C5-AD09-953C574F14BCÄ(㞠(
[2013-06-14 13:57:08 | 000,000,000 | ---D | M](C:\ProgramData\?ě?ě3-40C5-AD09-953C574F14BCÄě?ě) -- C:\ProgramData\蜘ě㺀ě3-40C5-AD09-953C574F14BCÄě㞠ě
[2013-06-14 13:57:08 | 000,000,000 | ---D | M](C:\ProgramData\?ě?ě3-40C5-AD09-953C574F14BCÄě?ě) -- C:\ProgramData\蜘ě㺀ě3-40C5-AD09-953C574F14BCÄě㞠ě
[2013-06-14 09:52:44 | 000,000,000 | ---D | M](C:\ProgramData\?h?h3-40C5-AD09-953C574F14BCÄh?h) -- C:\ProgramData\蜘h㺀h3-40C5-AD09-953C574F14BCÄh㞠h
[2013-06-14 09:52:44 | 000,000,000 | ---D | M](C:\ProgramData\?h?h3-40C5-AD09-953C574F14BCÄh?h) -- C:\ProgramData\蜘h㺀h3-40C5-AD09-953C574F14BCÄh㞠h
[2013-06-12 15:14:39 | 000,000,000 | ---D | M](C:\ProgramData\?_?_3-40C5-AD09-953C574F14BCÄ_?_) -- C:\ProgramData\蜘_㺀_3-40C5-AD09-953C574F14BCÄ_㞠_
[2013-06-12 15:14:39 | 000,000,000 | ---D | M](C:\ProgramData\?_?_3-40C5-AD09-953C574F14BCÄ_?_) -- C:\ProgramData\蜘_㺀_3-40C5-AD09-953C574F14BCÄ_㞠_
[2013-06-11 21:51:42 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʡ㺀ʡ3-40C5-AD09-953C574F14BCÄʡ㞠ʡ
[2013-06-11 21:51:42 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʡ㺀ʡ3-40C5-AD09-953C574F14BCÄʡ㞠ʡ
[2013-06-10 14:58:05 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʮ㺀ʮ3-40C5-AD09-953C574F14BCÄʮ㞠ʮ
[2013-06-10 14:58:05 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʮ㺀ʮ3-40C5-AD09-953C574F14BCÄʮ㞠ʮ
[2013-06-10 09:45:53 | 000,000,000 | ---D | M](C:\ProgramData\?«?«3-40C5-AD09-953C574F14BCÄ«?«) -- C:\ProgramData\蜘«㺀«3-40C5-AD09-953C574F14BCÄ«㞠«
[2013-06-10 09:45:53 | 000,000,000 | ---D | M](C:\ProgramData\?«?«3-40C5-AD09-953C574F14BCÄ«?«) -- C:\ProgramData\蜘«㺀«3-40C5-AD09-953C574F14BCÄ«㞠«
[2013-06-09 10:13:41 | 000,000,000 | ---D | M](C:\ProgramData\?=?=3-40C5-AD09-953C574F14BCÄ=?=) -- C:\ProgramData\蜘=㺀=3-40C5-AD09-953C574F14BCÄ=㞠=
[2013-06-09 10:13:41 | 000,000,000 | ---D | M](C:\ProgramData\?=?=3-40C5-AD09-953C574F14BCÄ=?=) -- C:\ProgramData\蜘=㺀=3-40C5-AD09-953C574F14BCÄ=㞠=
[2013-06-07 08:52:57 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʗ㺀ʗ3-40C5-AD09-953C574F14BCÄʗ㞠ʗ
[2013-06-07 08:52:57 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʗ㺀ʗ3-40C5-AD09-953C574F14BCÄʗ㞠ʗ
[2013-06-06 14:20:45 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɛ㺀ɛ3-40C5-AD09-953C574F14BCÄɛ㞠ɛ
[2013-06-06 14:20:45 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɛ㺀ɛ3-40C5-AD09-953C574F14BCÄɛ㞠ɛ
[2013-06-06 11:51:55 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɾ㺀ɾ3-40C5-AD09-953C574F14BCÄɾ㞠ɾ
[2013-06-06 11:51:55 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɾ㺀ɾ3-40C5-AD09-953C574F14BCÄɾ㞠ɾ
[2013-06-06 09:02:34 | 000,000,000 | ---D | M](C:\ProgramData\?đ?đ3-40C5-AD09-953C574F14BCÄđ?đ) -- C:\ProgramData\蜘đ㺀đ3-40C5-AD09-953C574F14BCÄđ㞠đ
[2013-06-06 09:02:34 | 000,000,000 | ---D | M](C:\ProgramData\?đ?đ3-40C5-AD09-953C574F14BCÄđ?đ) -- C:\ProgramData\蜘đ㺀đ3-40C5-AD09-953C574F14BCÄđ㞠đ
[2013-06-04 23:27:45 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʒ㺀ʒ3-40C5-AD09-953C574F14BCÄʒ㞠ʒ
[2013-06-04 23:27:45 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʒ㺀ʒ3-40C5-AD09-953C574F14BCÄʒ㞠ʒ
[2013-06-04 17:40:11 | 000,000,000 | ---D | M](C:\ProgramData\?Y?Y3-40C5-AD09-953C574F14BCÄY?Y) -- C:\ProgramData\蜘Y㺀Y3-40C5-AD09-953C574F14BCÄY㞠Y
[2013-06-04 17:40:11 | 000,000,000 | ---D | M](C:\ProgramData\?Y?Y3-40C5-AD09-953C574F14BCÄY?Y) -- C:\ProgramData\蜘Y㺀Y3-40C5-AD09-953C574F14BCÄY㞠Y
[2013-06-04 11:39:17 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʑ㺀ʑ3-40C5-AD09-953C574F14BCÄʑ㞠ʑ
[2013-06-04 11:39:17 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʑ㺀ʑ3-40C5-AD09-953C574F14BCÄʑ㞠ʑ
[2013-06-04 09:30:33 | 000,000,000 | ---D | M](C:\ProgramData\?4?43-40C5-AD09-953C574F14BCÄ4?4) -- C:\ProgramData\蜘4㺀43-40C5-AD09-953C574F14BCÄ4㞠4
[2013-06-04 09:30:33 | 000,000,000 | ---D | M](C:\ProgramData\?4?43-40C5-AD09-953C574F14BCÄ4?4) -- C:\ProgramData\蜘4㺀43-40C5-AD09-953C574F14BCÄ4㞠4
[2013-06-03 21:04:15 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʁ㺀ʁ3-40C5-AD09-953C574F14BCÄʁ㞠ʁ
[2013-06-03 21:04:15 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʁ㺀ʁ3-40C5-AD09-953C574F14BCÄʁ㞠ʁ
[2013-06-03 11:24:50 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʟ㺀ʟ3-40C5-AD09-953C574F14BCÄʟ㞠ʟ
[2013-06-03 11:24:50 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʟ㺀ʟ3-40C5-AD09-953C574F14BCÄʟ㞠ʟ
[2013-06-03 11:07:31 | 000,000,000 | ---D | M](C:\ProgramData\?K?K3-40C5-AD09-953C574F14BCÄK?K) -- C:\ProgramData\蜘Ķ㺀Ķ3-40C5-AD09-953C574F14BCÄĶ㞠Ķ
[2013-06-03 11:07:31 | 000,000,000 | ---D | M](C:\ProgramData\?K?K3-40C5-AD09-953C574F14BCÄK?K) -- C:\ProgramData\蜘Ķ㺀Ķ3-40C5-AD09-953C574F14BCÄĶ㞠Ķ
[2013-06-03 10:50:39 | 000,000,000 | ---D | M](C:\ProgramData\?;?;3-40C5-AD09-953C574F14BCÄ;?;) -- C:\ProgramData\蜘;㺀;3-40C5-AD09-953C574F14BCÄ;㞠;
[2013-06-03 10:50:39 | 000,000,000 | ---D | M](C:\ProgramData\?;?;3-40C5-AD09-953C574F14BCÄ;?;) -- C:\ProgramData\蜘;㺀;3-40C5-AD09-953C574F14BCÄ;㞠;
[2013-06-03 10:27:32 | 000,000,000 | ---D | M](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘ã㺀ã3-40C5-AD09-953C574F14BCÄã㞠ã
[2013-06-03 10:27:32 | 000,000,000 | ---D | M](C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘ã㺀ã3-40C5-AD09-953C574F14BCÄã㞠ã
[2013-06-03 10:11:15 | 000,000,000 | ---D | M](C:\ProgramData\?@?@3-40C5-AD09-953C574F14BCÄ@?@) -- C:\ProgramData\蜘@㺀@3-40C5-AD09-953C574F14BCÄ@㞠@
[2013-06-03 10:11:15 | 000,000,000 | ---D | M](C:\ProgramData\?@?@3-40C5-AD09-953C574F14BCÄ@?@) -- C:\ProgramData\蜘@㺀@3-40C5-AD09-953C574F14BCÄ@㞠@
[2013-06-03 10:04:48 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȥ㺀Ȥ3-40C5-AD09-953C574F14BCÄȤ㞠Ȥ
[2013-06-03 10:04:48 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȥ㺀Ȥ3-40C5-AD09-953C574F14BCÄȤ㞠Ȥ
[2013-06-03 09:45:25 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʉ㺀ʉ3-40C5-AD09-953C574F14BCÄʉ㞠ʉ
[2013-06-03 09:45:25 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʉ㺀ʉ3-40C5-AD09-953C574F14BCÄʉ㞠ʉ
[2013-05-31 15:05:04 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʎ㺀ʎ3-40C5-AD09-953C574F14BCÄʎ㞠ʎ
[2013-05-31 15:05:04 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʎ㺀ʎ3-40C5-AD09-953C574F14BCÄʎ㞠ʎ
[2013-05-30 19:34:33 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʪ㺀ʪ3-40C5-AD09-953C574F14BCÄʪ㞠ʪ
[2013-05-30 19:34:33 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʪ㺀ʪ3-40C5-AD09-953C574F14BCÄʪ㞠ʪ
[2013-05-29 18:32:34 | 000,000,000 | ---D | M](C:\ProgramData\?Q?Q3-40C5-AD09-953C574F14BCÄQ?Q) -- C:\ProgramData\蜘Q㺀Q3-40C5-AD09-953C574F14BCÄQ㞠Q
[2013-05-29 18:32:34 | 000,000,000 | ---D | M](C:\ProgramData\?Q?Q3-40C5-AD09-953C574F14BCÄQ?Q) -- C:\ProgramData\蜘Q㺀Q3-40C5-AD09-953C574F14BCÄQ㞠Q
[2013-05-29 17:48:39 | 000,000,000 | ---D | M](C:\ProgramData\?7?73-40C5-AD09-953C574F14BCÄ7?7) -- C:\ProgramData\蜘7㺀73-40C5-AD09-953C574F14BCÄ7㞠7
[2013-05-29 17:48:39 | 000,000,000 | ---D | M](C:\ProgramData\?7?73-40C5-AD09-953C574F14BCÄ7?7) -- C:\ProgramData\蜘7㺀73-40C5-AD09-953C574F14BCÄ7㞠7
[2013-05-29 08:47:17 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɼ㺀ɼ3-40C5-AD09-953C574F14BCÄɼ㞠ɼ
[2013-05-29 08:47:17 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɼ㺀ɼ3-40C5-AD09-953C574F14BCÄɼ㞠ɼ
[2013-05-28 17:25:34 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɐ㺀ɐ3-40C5-AD09-953C574F14BCÄɐ㞠ɐ
[2013-05-28 17:25:34 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɐ㺀ɐ3-40C5-AD09-953C574F14BCÄɐ㞠ɐ
[2013-05-28 11:17:28 | 000,000,000 | ---D | M](C:\ProgramData\?)?)3-40C5-AD09-953C574F14BCÄ)?)) -- C:\ProgramData\蜘)㺀)3-40C5-AD09-953C574F14BCÄ)㞠)
[2013-05-28 11:17:28 | 000,000,000 | ---D | M](C:\ProgramData\?)?)3-40C5-AD09-953C574F14BCÄ)?)) -- C:\ProgramData\蜘)㺀)3-40C5-AD09-953C574F14BCÄ)㞠)
[2013-05-27 12:55:09 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʅ㺀ʅ3-40C5-AD09-953C574F14BCÄʅ㞠ʅ
[2013-05-27 12:55:09 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʅ㺀ʅ3-40C5-AD09-953C574F14BCÄʅ㞠ʅ
[2013-05-26 20:07:26 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɻ㺀ɻ3-40C5-AD09-953C574F14BCÄɻ㞠ɻ
[2013-05-26 20:07:26 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɻ㺀ɻ3-40C5-AD09-953C574F14BCÄɻ㞠ɻ
(C:\ProgramData\?Z?Z3-40C5-AD09-953C574F14BCÄZ?Z) -- C:\ProgramData\蜘Z㺀Z3-40C5-AD09-953C574F14BCÄZ㞠Z
(C:\ProgramData\?Y?Y3-40C5-AD09-953C574F14BCÄY?Y) -- C:\ProgramData\蜘Y㺀Y3-40C5-AD09-953C574F14BCÄY㞠Y
(C:\ProgramData\?U?U3-40C5-AD09-953C574F14BCÄU?U) -- C:\ProgramData\蜘U㺀U3-40C5-AD09-953C574F14BCÄU㞠U
(C:\ProgramData\?Q?Q3-40C5-AD09-953C574F14BCÄQ?Q) -- C:\ProgramData\蜘Q㺀Q3-40C5-AD09-953C574F14BCÄQ㞠Q
(C:\ProgramData\?K?K3-40C5-AD09-953C574F14BCÄK?K) -- C:\ProgramData\蜘Ķ㺀Ķ3-40C5-AD09-953C574F14BCÄĶ㞠Ķ
(C:\ProgramData\?i?i3-40C5-AD09-953C574F14BCÄi?i) -- C:\ProgramData\蜘i㺀i3-40C5-AD09-953C574F14BCÄi㞠i
(C:\ProgramData\?h?h3-40C5-AD09-953C574F14BCÄh?h) -- C:\ProgramData\蜘h㺀h3-40C5-AD09-953C574F14BCÄh㞠h
(C:\ProgramData\?f?f3-40C5-AD09-953C574F14BCÄf?f) -- C:\ProgramData\蜘f㺀f3-40C5-AD09-953C574F14BCÄf㞠f
(C:\ProgramData\?ě?ě3-40C5-AD09-953C574F14BCÄě?ě) -- C:\ProgramData\蜘ě㺀ě3-40C5-AD09-953C574F14BCÄě㞠ě
(C:\ProgramData\?đ?đ3-40C5-AD09-953C574F14BCÄđ?đ) -- C:\ProgramData\蜘đ㺀đ3-40C5-AD09-953C574F14BCÄđ㞠đ
(C:\ProgramData\?a?a3-40C5-AD09-953C574F14BCÄa?a) -- C:\ProgramData\蜘ã㺀ã3-40C5-AD09-953C574F14BCÄã㞠ã
(C:\ProgramData\?7?73-40C5-AD09-953C574F14BCÄ7?7) -- C:\ProgramData\蜘7㺀73-40C5-AD09-953C574F14BCÄ7㞠7
(C:\ProgramData\?4?43-40C5-AD09-953C574F14BCÄ4?4) -- C:\ProgramData\蜘4㺀43-40C5-AD09-953C574F14BCÄ4㞠4
(C:\ProgramData\?«?«3-40C5-AD09-953C574F14BCÄ«?«) -- C:\ProgramData\蜘«㺀«3-40C5-AD09-953C574F14BCÄ«㞠«
(C:\ProgramData\?=?=3-40C5-AD09-953C574F14BCÄ=?=) -- C:\ProgramData\蜘=㺀=3-40C5-AD09-953C574F14BCÄ=㞠=
(C:\ProgramData\?_?_3-40C5-AD09-953C574F14BCÄ_?_) -- C:\ProgramData\蜘_㺀_3-40C5-AD09-953C574F14BCÄ_㞠_
(C:\ProgramData\?[?[3-40C5-AD09-953C574F14BCÄ[?[) -- C:\ProgramData\蜘[㺀[3-40C5-AD09-953C574F14BCÄ[㞠[
(C:\ProgramData\?@?@3-40C5-AD09-953C574F14BCÄ@?@) -- C:\ProgramData\蜘@㺀@3-40C5-AD09-953C574F14BCÄ@㞠@
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʡ㺀ʡ3-40C5-AD09-953C574F14BCÄʡ㞠ʡ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʒ㺀ʒ3-40C5-AD09-953C574F14BCÄʒ㞠ʒ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʑ㺀ʑ3-40C5-AD09-953C574F14BCÄʑ㞠ʑ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȥ㺀Ȥ3-40C5-AD09-953C574F14BCÄȤ㞠Ȥ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʎ㺀ʎ3-40C5-AD09-953C574F14BCÄʎ㞠ʎ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʉ㺀ʉ3-40C5-AD09-953C574F14BCÄʉ㞠ʉ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʅ㺀ʅ3-40C5-AD09-953C574F14BCÄʅ㞠ʅ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɾ㺀ɾ3-40C5-AD09-953C574F14BCÄɾ㞠ɾ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɼ㺀ɼ3-40C5-AD09-953C574F14BCÄɼ㞠ɼ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɻ㺀ɻ3-40C5-AD09-953C574F14BCÄɻ㞠ɻ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɹ㺀ɹ3-40C5-AD09-953C574F14BCÄɹ㞠ɹ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȭ㺀Ȭ3-40C5-AD09-953C574F14BCÄȬ㞠Ȭ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɳ㺀ɳ3-40C5-AD09-953C574F14BCÄɳ㞠ɳ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɮ㺀ɮ3-40C5-AD09-953C574F14BCÄɮ㞠ɮ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʟ㺀ʟ3-40C5-AD09-953C574F14BCÄʟ㞠ʟ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʪ㺀ʪ3-40C5-AD09-953C574F14BCÄʪ㞠ʪ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɉ㺀ɉ3-40C5-AD09-953C574F14BCÄɉ㞠ɉ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʮ㺀ʮ3-40C5-AD09-953C574F14BCÄʮ㞠ʮ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɛ㺀ɛ3-40C5-AD09-953C574F14BCÄɛ㞠ɛ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ʗ㺀ʗ3-40C5-AD09-953C574F14BCÄʗ㞠ʗ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɕ㺀ɕ3-40C5-AD09-953C574F14BCÄɕ㞠ɕ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘Ȼ㺀Ȼ3-40C5-AD09-953C574F14BCÄȻ㞠Ȼ
(C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\蜘ɐ㺀ɐ3-40C5-AD09-953C574F14BCÄɐ㞠ɐ
(C:\ProgramData\?;?;3-40C5-AD09-953C574F14BCÄ;?;) -- C:\ProgramData\蜘;㺀;3-40C5-AD09-953C574F14BCÄ;㞠;
(C:\ProgramData\?)?)3-40C5-AD09-953C574F14BCÄ)?)) -- C:\ProgramData\蜘)㺀)3-40C5-AD09-953C574F14BCÄ)㞠)
(C:\ProgramData\?(?(3-40C5-AD09-953C574F14BCÄ(?() -- C:\ProgramData\蜘(㺀(3-40C5-AD09-953C574F14BCÄ(㞠(
(C:\ProgramData\?&?&3-40C5-AD09-953C574F14BCÄ&?&) -- C:\ProgramData\蜘&㺀&3-40C5-AD09-953C574F14BCÄ&㞠&
(C:\ProgramData\?$?$3-40C5-AD09-953C574F14BCÄ$?$) -- C:\ProgramData\蜘$㺀$3-40C5-AD09-953C574F14BCÄ$㞠$
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 981 bytes -> C:\Users\user\Documents\FW_ kampania Plaza Kraków 15-31_08_05.eml:OECustomProperty
@Alternate Data Stream - 813 bytes -> C:\Users\user\Documents\numerkiARCHITEKTURA.eml:OECustomProperty
< End of report >
extras.txt
- Kod: Zaznacz wszystko
OTL Extras logfile created on: 2013-07-26 09:23:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,87 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 27,15% Memory free
3,99 Gb Paging File | 2,25 Gb Available in Paging File | 56,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 1,01 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive D: | 106,70 Gb Total Space | 103,22 Gb Free Space | 96,73% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4176097981-1369824156-4142506894-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = F5 B9 1F 18 7D CD CD 01 [binary data]
"VistaSp2" = 6C 6A 3B 2E EA D5 CD 01 [binary data]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4176097981-1369824156-4142506894-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\user\Desktop\Connectivity\ConnectivityManager.exe" = C:\Users\user\Desktop\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"C:\Users\user\Documents\Nowy folder\Instalacje Orange\Connectivity\ConnectivityManager.exe" = C:\Users\user\Documents\Nowy folder\Instalacje Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Users\user\Desktop\Connectivity\ConnectivityManager.exe" = C:\Users\user\Desktop\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"C:\Users\user\Documents\Nowy folder\Instalacje Orange\Connectivity\ConnectivityManager.exe" = C:\Users\user\Documents\Nowy folder\Instalacje Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085C94D2-73DA-4964-BF1A-B1C21362DDDD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{96BB1A0D-F98D-4EDF-972C-39721DF6A4C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28AEF315-F703-40D9-A736-11A41E3CC3D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4D6CFC0A-D22E-4C9E-B3DD-B35ACDA870BB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{66EA7F95-0494-47CD-87F3-50F9588BECFE}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{823D80F7-EEB6-46F0-BE3B-FED3DA46F0DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{AB34AB45-726D-4499-A6A8-8DB05A908374}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D4AFC5E1-5904-4AAF-BAB7-027E3568DC80}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{302725CC-C7B9-4650-8602-7F353B01366A}" = ESET NOD32 Antivirus
"{4A5459FD-2CE3-2F15-C7E2-F2619F7D70DF}" = ccc-utility64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{94FAB69F-2BA2-306E-5AD8-FC535E40CDD7}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{076CFC06-AC36-9C80-15DC-236B3E32A49B}" = Catalyst Control Center HydraVision Full
"{0EB8BBED-28FC-8F41-0683-B404BDD5B645}" = Catalyst Control Center Graphics Full Existing
"{193FE766-1133-3B72-5B7D-CF899A804042}" = Catalyst Control Center Core Implementation
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{224D2E8D-8B5E-5D33-9B98-A716987285F8}" = Catalyst Control Center Graphics Previews Vista
"{2687E1B6-3E04-D856-2D4D-F64BE4728CF7}" = ccc-core-static
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{4E81E059-F7DB-3328-A9ED-98C3C9BBF1EF}" = Catalyst Control Center Graphics Light
"{4F207CA7-6197-9216-E6DA-C500BB9635A7}" = Skins
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8801B689-FD65-D882-3759-C04807BF7525}" = Catalyst Control Center Graphics Full New
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Polish
"{BEWINTERNET-PL}.UninstallSuite" = Business Everywhere
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{E2FA8570-C395-6D0E-0D01-020F8CC40394}" = Catalyst Control Center Graphics Previews Common
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0 CE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CardDetectorHUAWEI1752_1552" = Card Detector for Huawei E1752 and E1552
"Codec_is1" = Codec 8.2 build 4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader_is1" = Foxit Reader
"Gadu-Gadu" = Gadu-Gadu 7.7
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 22.0 (x86 pl)" = Mozilla Firefox 22.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"RealAlt_is1" = Real Alternative 1.7.5
"SubEdit-Player_is1" = SubEdit-Player
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2013-07-25 18:23:01 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xf64, godzina rozpoczęcia aplikacji 0x01ce8985858333ac.
Error - 2013-07-25 19:23:00 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xf30, godzina rozpoczęcia aplikacji 0x01ce898de732b41c.
Error - 2013-07-25 20:23:01 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0x864, godzina rozpoczęcia aplikacji 0x01ce899648d4c70c.
Error - 2013-07-25 21:23:01 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xfc4, godzina rozpoczęcia aplikacji 0x01ce899eaac8555c.
Error - 2013-07-25 22:23:13 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xfb0, godzina rozpoczęcia aplikacji 0x01ce89a70c89b01c.
Error - 2013-07-25 23:23:00 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xf38, godzina rozpoczęcia aplikacji 0x01ce89af6e3eaecc.
Error - 2013-07-26 00:23:00 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xfc8, godzina rozpoczęcia aplikacji 0x01ce89b7d001691c.
Error - 2013-07-26 01:23:00 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xf6c, godzina rozpoczęcia aplikacji 0x01ce89c031c7a5dc.
Error - 2013-07-26 02:23:06 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0xd7c, godzina rozpoczęcia aplikacji 0x01ce89c89395359c.
Error - 2013-07-26 03:23:01 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.6.602.180,
sygnatura czasowa 0x51a4ab8c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004bb57,
identyfikator
procesu 0x7bc, godzina rozpoczęcia aplikacji 0x01ce89d0f55d183c.
[ OSession Events ]
Error - 2011-09-20 06:26:34 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 350
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2013-07-24 04:06:22 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2013-07-24 05:05:53 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2013-07-24 05:06:08 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2013-07-24 11:43:09 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2013-07-24 11:43:23 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2013-07-24 15:31:34 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2013-07-24 15:31:53 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2013-07-25 13:27:55 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2013-07-25 13:28:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2013-07-25 14:08:38 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Wielkie dzięki za wszelką pomoc.
