Samoczynny restart komputera

**Posty:** 6 · przez **Ewelunia** 25 Lip 2012, 13:30

Witam. Komputer mi od wczoraj świruje. Mam Windows 7, 64bit. Od wczoraj sam mi się uruchamia co kilka/kilkanaście minut. Wyskakuje okienko: "Windows napotkał krytyczny błąd i zostanie uruchomiony ponownie w ciągu minuty." Zauważyłam że aktualizacje systemu windows się wyłączyły, udało mi sie teraz tą usługę windows update włączyć, ale coś nie aktualizuje, wyskakuje błąd. Podejrzewam wirus, ale wczoraj nie wchodziłam na żadne głupie strony. Mam program antywirusowy. Wczoraj wgrał mi się ten Security Shield, dla mnie to wirus, który sam bez pytania pojawia sie i skanuje system, usunęłam go - odinstalowałam, ale myślę że on coś mógł namieszać. Skanowałam antywirusem, znalazł kilka niegroźnych wirusów, usunęłam. Ale nadal są restarty. Nie wiem co robić, nie da się nic porobić na dłuższą chwilę. Za każdym ponownych uruchomieniem zmienia mi ikonki na duże i rozwala je. Skanowałam też programem Malwarebytes Anti-Malware, także nie pomógł. Znacie dobry program który przeskanuje/naprawi/znajdzie przyczynę?
Załączam pliki z OTL.

**Posty:** 18165 · przez **wojtas** 25 Lip 2012, 19:03

Uruchom SystemLook x64, do okna wklej:

:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s

:filefind
services.exe

Klik w Look. Przedstaw wynikowy raport. Uruchom także Farbar Service Scanner , zaznacz wszystkie opcje i klik w Scan. Przedstaw log

**Posty:** 6 · przez **Ewelunia** 25 Lip 2012, 20:35

Dzięki za odpowiedź. Udało mi się przywrócić system o jeden dzień, w trybie awaryjnym. Od tej pory na razie jeszcze się nie uruchomił ponownie, nie wiem czy jeszcze trzeba wklejać te linijki? Czy wirusa już nie ma? Tak myślałam że to ma związek z plikiem services.exe, bo firewall pytał się czy go przepuścić, a ja przepuściłam myśląc że to po prostu sieć, bo taki sam plik odpowiada za internet. Jakby co załączam nowe logi.

Edit: na drugim forum jedna osoba mi pomogła, podała kody do wklejenia, linki itp, także może już będzie dobrze

**Posty:** 18165 · przez **wojtas** 26 Lip 2012, 17:50

na jakim forum ? można prosić link ? daj logi o które prosiłem ?

**Posty:** 6 · przez **Ewelunia** 26 Lip 2012, 20:31

Logi:

Kod: Zaznacz wszystko: Farbar Service Scanner Version: 26-07-2012 Ran by Ewelina (administrator) on 26-07-2012 at 20:29:50 Running from "C:\Users\Ewelina\Desktop" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== sharedaccess Service is not running. Checking service configuration: The start type of sharedaccess service is set to Disabled The ImagePath of sharedaccess service is OK. The ServiceDll of sharedaccess service is OK. File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****

Z tego forum zrobiłam: http://www.forumpc.pl/index.php?showtopic=255080

**Posty:** 18165 · przez **wojtas** 27 Lip 2012, 14:20

a log z System Look ?

**Posty:** 6 · przez **Ewelunia** 28 Lip 2012, 13:40

Kod: Zaznacz wszystko: SystemLook 30.07.11 by jpshortstuff Log created at 22:01 on 25/07/2012 by Ewelina Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] (Unable to open key - key not found) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}] @="Microsoft WBEM New Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] @="%systemroot%\system32\wbem\wbemess.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] @="MruPidlList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] @="%SystemRoot%\system32\shell32.dll" "ThreadingModel"="Apartment" ========== filefind ========== Searching for "services.exe" C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB -= EOF =-

**Posty:** 18165 · przez **wojtas** 28 Lip 2012, 14:03

Uruchom BlitzBlank w karcie Script wklej :

DeleteFile:
C:\Users\Ewelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Security Shield.lnk

DeleteFolder:
c:\Users\Ewelina\AppData\Local\{62e03b1b-9646-28cc-b5b9-d088ddd9960d}
C:\Users\Ewelina\AppData\Roaming\Babylon

Klik w Execute Now. Zatwierdź restart komputera.
Pokaż nowy log z OTL i raport z pracy BlitzBlank (C:\blitzblank.log )

**Posty:** 6 · przez **Ewelunia** 29 Lip 2012, 16:48

Raport z BlitzBlank:

Kod: Zaznacz wszystko: BlitzBlank 1.0.0.32 File/Registry Modification Engine native application MoveDirectoryOnReboot: sourceDirectory = "\??\c:\users\ewelina\appdata\local\{62e03b1b-9646-28cc-b5b9-d088ddd9960d}", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\users\ewelina\appdata\local\{62e03b1b-9646-28cc-b5b9-d088ddd9960d}\@", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\users\ewelina\appdata\local\{62e03b1b-9646-28cc-b5b9-d088ddd9960d}\L", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\users\ewelina\appdata\local\{62e03b1b-9646-28cc-b5b9-d088ddd9960d}\U", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\users\ewelina\appdata\local\{62e03b1b-9646-28cc-b5b9-d088ddd9960d}\U\00000001.@", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\users\ewelina\appdata\roaming\babylon", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\users\ewelina\appdata\roaming\babylon\log_file.txt", destinationFile = "(null)", replaceWithDummy = 0

Log z OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2012-07-29 16:38:16 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ewelina\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,00 Gb Total Physical Memory | 5,47 Gb Available Physical Memory | 78,20% Memory free 14,00 Gb Paging File | 12,36 Gb Available in Paging File | 88,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 390,63 Gb Total Space | 181,34 Gb Free Space | 46,42% Space Free | Partition Type: NTFS Drive D: | 540,89 Gb Total Space | 229,13 Gb Free Space | 42,36% Space Free | Partition Type: NTFS Drive F: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EWELINAWIN7 | User Name: Ewelina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-29 16:37:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ewelina\Desktop\OTL_[www.programosy.pl].exe PRC - [2012-07-25 17:13:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-04-14 17:07:56 | 000,173,888 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\TPSrvWow.exe PRC - [2011-04-13 18:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\ApVxdWin.exe PRC - [2010-10-20 16:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe PRC - [2010-08-16 15:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe PRC - [2010-06-04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe PRC - [2010-05-28 14:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\AVENGINE.EXE PRC - [2010-04-22 19:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe PRC - [2010-02-23 13:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavBckPT.exe PRC - [2009-11-26 18:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\program files (x86)\panda security\panda internet security 2012\firewall\PSHOST.EXE PRC - [2009-08-10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrls.exe PRC - [2008-06-27 14:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\SRVLOAD.EXE PRC - [2008-06-19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsImSvc.exe PRC - [2008-02-04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe PRC - [2008-01-31 15:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2007-02-14 14:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\MiniCrypto.dll MOD - [2004-05-19 12:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\libxml2.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-07-27 19:58:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-07-25 17:13:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012-07-18 23:06:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-05-15 14:58:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-04-14 17:07:56 | 000,173,888 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\TPSrvWow.exe -- (TPSrv) SRV - [2010-10-20 16:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe -- (PAVFNSVR) SRV - [2010-08-16 15:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe -- (PskSvcRetail) SRV - [2010-06-04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe -- (PAVSRV) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-11-26 18:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files (x86)\panda security\panda internet security 2012\firewall\PSHOST.EXE -- (PSHost) SRV - [2009-08-10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrls.exe -- (Panda Software Controller) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-06-19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsImSvc.exe -- (PSIMSVC) SRV - [2008-02-04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-02-07 13:20:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-01-09 19:49:48 | 000,015,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\COMFiltr.sys -- (ComFiltr) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-01-31 17:41:28 | 000,129,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\APPFLT64.SYS -- (APPFLT) DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2010-09-09 17:23:00 | 000,078,920 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idsflt64.sys -- (IDSFLT) DRV:[b]64bit:[/b] - [2010-09-01 12:09:12 | 000,216,648 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\n64i1644.sys -- (NETIMFLT01060044) DRV:[b]64bit:[/b] - [2010-06-22 19:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:[b]64bit:[/b] - [2010-05-21 14:50:50 | 000,065,608 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM) DRV:[b]64bit:[/b] - [2009-10-27 13:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt) DRV:[b]64bit:[/b] - [2009-09-28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2009-09-25 15:54:08 | 000,074,760 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wnmflt64.sys -- (WNMFLT) DRV:[b]64bit:[/b] - [2009-09-25 15:54:06 | 000,170,504 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NETTDI64.SYS -- (NETFLTDI) DRV:[b]64bit:[/b] - [2009-09-25 15:54:02 | 000,082,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dsaflt64.sys -- (DSAFLT) DRV:[b]64bit:[/b] - [2009-09-25 15:54:02 | 000,031,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fnetm64.sys -- (FNETMON) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV:[b]64bit:[/b] - [2005-03-29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-70415364-3250276573-4211393280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=125 IE - HKU\S-1-5-21-70415364-3250276573-4211393280-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-70415364-3250276573-4211393280-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-70415364-3250276573-4211393280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-70415364-3250276573-4211393280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ewelina\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ewelina\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-18 23:06:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-18 23:06:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-09 18:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ewelina\AppData\Roaming\mozilla\Extensions [2012-07-12 10:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ewelina\AppData\Roaming\mozilla\Firefox\Profiles\k5725dxa.default\extensions [2012-07-12 10:51:25 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Ewelina\AppData\Roaming\mozilla\Firefox\Profiles\k5725dxa.default\extensions\battlefieldplay4free@ea.com [2012-06-21 08:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-07-03 22:57:24 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\EWELINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K5725DXA.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI [2012-07-01 11:48:55 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\EWELINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K5725DXA.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2012-07-09 21:48:24 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\EWELINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K5725DXA.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI [2012-07-18 23:06:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-06-21 08:16:51 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-06-21 08:16:51 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-06-21 08:16:51 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-06-21 08:16:51 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-06-21 08:16:51 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-06-21 08:16:51 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\Ewelina\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Ewelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Szukaj w Google = C:\Users\Ewelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Users\Ewelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012-02-20 16:18:29 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F51D43F-4A34-4921-A522-0D1923ADB375}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-18 23:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{836c23ab-41ac-11e1-8d63-002354652216}\Shell - "" = AutoRun O33 - MountPoints2\{836c23ab-41ac-11e1-8d63-002354652216}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{836c23ad-41ac-11e1-8d63-002354652216}\Shell - "" = AutoRun O33 - MountPoints2\{836c23ad-41ac-11e1-8d63-002354652216}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{939f32af-3ade-11e1-9492-002354651d34}\Shell - "" = AutoRun O33 - MountPoints2\{939f32af-3ade-11e1-9492-002354651d34}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2009-11-13 21:25:22 | 003,280,672 | ---- | M] (Western Digital) O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-29 16:37:12 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ewelina\Desktop\OTL_[www.programosy.pl].exe [2012-07-29 16:31:38 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Ewelina\Desktop\BlitzBlank.exe [2012-07-29 10:15:06 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{EC04C37A-D053-44BB-BDBC-27D677AD67BF} [2012-07-29 10:14:54 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{22642060-5AB2-4685-8B63-76657E96079D} [2012-07-28 23:19:52 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\Desktop\tapety [2012-07-28 12:44:13 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{2829A382-E12A-44E5-900C-0575FBC4316C} [2012-07-28 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{EB514A0F-73FC-480E-B0B0-3270FCBFA583} [2012-07-28 12:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012-07-28 12:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012-07-28 12:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012-07-28 12:10:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-07-27 13:51:40 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{D801CCD9-8FB3-4B6C-80FF-020BE9C080A2} [2012-07-27 13:51:29 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{916C9DB0-C235-447E-BB4B-4A2928821D70} [2012-07-27 01:51:02 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{1E7AB2DC-F3A7-41FF-8534-CA443FEFBD8B} [2012-07-27 01:50:45 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{91C135CC-37FC-4AEB-B4BD-C2E7909B3BB0} [2012-07-26 14:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012-07-26 14:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012-07-26 09:49:45 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{BCB57D6A-F7AC-40B7-B6D3-B720A4049816} [2012-07-26 09:49:33 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{318A5F7B-FDFF-4251-8548-46F0A4C9A9FE} [2012-07-25 14:16:12 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012-07-25 14:16:12 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012-07-25 14:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [2012-07-25 14:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo [2012-07-25 14:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012-07-25 14:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012-07-25 13:10:43 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012-07-25 13:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012-07-24 23:45:26 | 000,000,000 | ---D | C] -- C:\dell [2012-07-24 10:11:41 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{65537051-C175-48D1-B00A-74312091C25F} [2012-07-24 10:11:29 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{7B36493B-11D8-464E-AF61-91921838AE70} [2012-07-23 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{FC43A44F-C01B-41EC-AF13-1B80BD7E5E5E} [2012-07-23 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{F0440F23-C76D-4DD1-B320-BD958D5FA094} [2012-07-22 19:05:16 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\Desktop\Inne [2012-07-22 13:11:16 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{BA1A3FC6-BDCB-45A3-89B4-F7C859B6FA6D} [2012-07-22 13:11:04 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{071A6405-09CE-4C11-8F4F-A16385A2A6E3} [2012-07-21 23:06:16 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{526D1BA6-567B-4CCC-8564-CADF23720373} [2012-07-21 23:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{8D86A976-1603-4634-9039-3F449DC6DA91} [2012-07-21 11:05:39 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{75C7C05B-2B5C-4F80-AA67-CF6797144E2C} [2012-07-21 11:05:28 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{1493B17F-ABAB-44AE-9CD3-099E2E6D3310} [2012-07-20 11:58:29 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{61717BB1-925C-4ED6-9A82-B4C979F4C1A8} [2012-07-20 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{C28A0B11-40F9-42E7-B4FC-C7BFC2BDD45E} [2012-07-19 23:57:51 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{4EF8F06C-02CD-4964-B491-609AE2CC63B3} [2012-07-19 23:57:39 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{EE53F4C8-6155-42FD-A583-D7E1230B0712} [2012-07-19 11:48:47 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{0917D8A8-E3C0-42A8-B120-1FE55C2B685C} [2012-07-19 11:48:36 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{7C8E5341-3297-4BD1-9958-72BD64A947DD} [2012-07-18 23:48:11 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{45A82083-5CD3-41C9-9F3C-CA48EB4274DB} [2012-07-18 23:48:00 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{8AC3BB14-A6CF-4711-B7CE-A473EFDA1A82} [2012-07-18 11:47:35 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{40683184-3673-4972-95B4-D2E0A6F38575} [2012-07-18 11:47:23 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{3FE4B9E7-3501-4CAE-BE0C-811F78DC6F1C} [2012-07-17 23:35:58 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{9C1E8D64-3289-44D5-B31C-25683004D28C} [2012-07-17 23:35:46 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{FD3F150C-A6BE-427C-80D2-7C893B35F679} [2012-07-17 23:21:31 | 000,000,000 | -HSD | C] -- C:\Users\Ewelina\AppData\Roaming\wyUpdate AU [2012-07-17 11:24:55 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{5CF8BD60-05F1-481E-9F30-12983D19B078} [2012-07-17 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{69BB8987-5399-434E-9CFA-25BD611BF726} [2012-07-16 23:00:44 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{500CB75A-C050-45AA-A7D9-F97806C827E4} [2012-07-16 23:00:32 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{CCC8549D-5E0A-4529-B415-13F7F81C6974} [2012-07-16 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{0FA8344C-A41E-4B58-8FCF-47A0584F184B} [2012-07-16 10:59:53 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{A949CA90-1F04-4EE8-8CF3-B8A282BE1404} [2012-07-15 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{F6BB254F-1CEA-4624-B84B-35B859BC74DB} [2012-07-15 22:41:50 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{6F3E32A7-96FF-415F-93D3-EEF742D9009D} [2012-07-15 10:22:02 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{334D8907-2926-43D7-8CA2-AB2968E87656} [2012-07-15 10:21:50 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{E13E07DC-BE2D-4AB0-A8DC-FFF1B530F09F} [2012-07-14 18:40:08 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\Documents\Guild Wars [2012-07-14 18:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars [2012-07-14 18:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars [2012-07-14 14:48:57 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{0EBE9745-18A1-4D86-900A-1797DF84D8F0} [2012-07-14 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{D2A4C66C-B19C-4476-A110-80981865F074} [2012-07-13 22:55:46 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{49FF8E5A-D376-43EC-830B-8C687292A0C0} [2012-07-13 22:55:34 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{73F60091-4776-44B8-ADC1-91B7F97C95F1} [2012-07-13 10:44:40 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{FD2005AD-8DA2-477F-A91C-50873EF840E8} [2012-07-13 10:44:28 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{25C8FEA4-2A72-4A61-B2E9-0D1BC938C84C} [2012-07-12 12:55:10 | 000,000,000 | -H-D | C] -- C:\Users\Ewelina\Documents\Runes of Magic [2012-07-12 12:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runes of Magic [2012-07-12 12:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runes of Magic [2012-07-12 12:05:33 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft [2012-07-12 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012-07-12 12:03:54 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\Pando_Temp [2012-07-12 12:01:57 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\assembly [2012-07-12 12:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft [2012-07-12 12:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft [2012-07-12 11:41:23 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{A45D299E-F0C7-4D46-804D-C08660F505A9} [2012-07-12 11:41:12 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{60BD4334-7A04-4DD9-9BDB-318166787FED} [2012-07-12 11:40:00 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\Documents\Battlefield Play4Free [2012-07-12 11:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games [2012-07-12 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games [2012-07-11 23:34:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-07-11 23:34:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-07-11 23:34:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-07-11 23:34:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-07-11 23:34:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-07-11 23:34:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-07-11 23:34:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-07-11 23:34:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-07-11 23:34:26 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-07-11 23:34:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-07-11 23:34:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-07-11 23:34:26 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-07-11 23:34:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-07-11 23:17:09 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{E0F3F1A2-322A-4F41-9753-94B77DCD4A8E} [2012-07-11 23:16:57 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{61AF90D2-D089-4E72-AA17-4EC408CE1A6D} [2012-07-11 23:04:12 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{43843F92-B704-44B0-B579-F66C51B690FB} [2012-07-11 23:02:32 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{96E94541-A4C6-467B-B8E1-0A86461E24FC} [2012-07-11 23:02:20 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{1F132406-AC22-4BA4-B358-FA921D3D5992} [2012-07-11 17:40:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012-07-11 17:40:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012-07-11 17:40:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012-07-11 17:40:20 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012-07-11 17:40:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012-07-11 15:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu [2012-07-11 15:31:48 | 000,000,000 | ---D | C] -- C:\gPotato.eu [2012-07-11 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{9173F043-DEFB-4AA5-859E-536C44C320AE} [2012-07-11 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{60016D12-AF28-490B-BFE3-7C52BD2E6723} [2012-07-10 22:56:23 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{8D606F63-D395-4791-8DF3-A5DCEA1798BC} [2012-07-10 22:56:10 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{1FBB697F-531E-4941-A24F-43965BF1CF03} [2012-07-10 09:41:07 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{6E922D2A-9375-4ADA-87F7-A5A6D596BD22} [2012-07-10 09:40:55 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{0F08C92B-89B7-4213-BE21-0B19BEE35AD1} [2012-07-09 21:41:12 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Roaming\FOG Downloader [2012-07-09 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{2ADF96D9-D52B-450D-AD88-F3DF0C83EC8E} [2012-07-09 21:40:16 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{BDF9E942-B3B4-4057-A4A9-B8FB41DDA35C} [2012-07-09 19:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastChaosPol [2012-07-09 19:47:53 | 000,000,000 | ---D | C] -- C:\GAMIGO [2012-07-09 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{208B0CD8-AC07-49E0-BEB9-7347B8855D90} [2012-07-09 09:39:38 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{624B331D-1A89-4CBC-9CA2-BE4D45B025F5} [2012-07-08 19:03:09 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizard101(PL) [2012-07-08 19:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Wizard101(PL) [2012-07-08 12:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{AEEFA511-85D1-4B56-8A00-475195B10639} [2012-07-08 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{9526342D-36E5-4356-BCF3-619A5B6349E8} [2012-07-08 11:45:23 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{6BD9A80E-6C6B-4409-B98F-7F865F286F54} [2012-07-08 11:45:10 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{477541FC-60EA-4F40-A452-E10DBC7030A8} [2012-07-07 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{360781F1-BA42-49F2-AF42-86FF9C06B062} [2012-07-07 12:08:08 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{EC4865EC-905A-47D6-905F-42EF8DEAA93B} [2012-07-07 11:31:26 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{D25F085C-C49E-4B4B-A168-98C3CAFF4688} [2012-07-06 23:21:50 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{20592BC1-71EC-434F-ACDD-2AB5727BC03D} [2012-07-06 23:21:38 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{C9987AE5-EE09-4178-B2F3-96D6E164C140} [2012-07-06 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Roaming\SPORE Creature Creator [2012-07-06 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\Documents\Moje dzieła SPORE™ [2012-07-06 14:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2012-07-06 09:42:26 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\Documents\NFSTR [2012-07-06 09:42:20 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{459438A8-B01B-461E-8A4B-D1C80C15E5CF} [2012-07-06 09:42:08 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{A82FB13E-C3AA-4F4B-BE32-2C046E923F48} [2012-07-06 06:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed(TM) The Run [2012-07-05 22:35:58 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{671A23F6-01C6-4BB3-A4D7-FF114050DAF5} [2012-07-05 22:35:46 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{6A3157D3-D1B6-423B-B09D-07F4358435C3} [2012-07-05 12:33:24 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\Desktop\Filmy [2012-07-05 10:22:23 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{CC11862A-4B0E-49EC-A876-6C6FB5FD4AB0} [2012-07-05 10:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{7776AAF1-1147-4104-8867-E2936E58CC91} [2012-07-04 22:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{74AD8906-F289-4133-8656-F6AC83B17005} [2012-07-04 22:21:34 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{24F840BF-3F76-415F-B2E0-C0AAB4D01031} [2012-07-04 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{B9588CD3-7D4F-407F-8A77-B94B8EF672AD} [2012-07-04 10:20:57 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{A20A10E1-0694-4280-B287-DFA62E61E7F6} [2012-07-03 22:20:31 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{2FD5FE09-02C1-43D2-AB10-78E08079B083} [2012-07-03 22:20:19 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{6DF97AFE-D7C8-42CB-AF93-1FB9DF26B1A9} [2012-07-03 14:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free Video to Flash Converter [2012-07-03 14:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pazera-software [2012-07-03 14:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert AVI to MP4 [2012-07-03 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert AVI to MP4 [2012-07-03 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{F9DFFAA2-912A-4B65-82D9-CA6EFA344A39} [2012-07-03 10:19:41 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{E74F869C-04F8-486B-8B0A-8D23D913A919} [2012-07-02 22:19:16 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{50407466-94D6-4D28-9E48-3A4A0C23CD2E} [2012-07-02 22:19:04 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{230B6CAB-BFF3-4A1D-8C24-73F128622062} [2012-07-02 09:46:24 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{405B030B-D870-409C-830C-9F96BED54D51} [2012-07-02 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{37E55618-9D44-4B3C-BC72-C0E05084938C} [2012-07-01 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{D306E063-FB4E-4164-BA50-26E90F960697} [2012-07-01 11:01:45 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{8E14E460-6A35-47B3-8B4B-C22CE9E99D0A} [2012-06-30 16:53:22 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Roaming\Malwarebytes [2012-06-30 16:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-06-30 16:52:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-06-30 16:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-06-30 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-06-30 12:31:39 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{8EC8AEA8-3FA9-4146-B993-D444BDBFCDBF} [2012-06-30 12:31:27 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{3CEAEBC7-BD25-4839-AF80-8C28DD561D7E} [2012-06-29 23:18:08 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{27F0D4D2-B56B-407F-8099-CAB21F99B331} [2012-06-29 23:17:56 | 000,000,000 | ---D | C] -- C:\Users\Ewelina\AppData\Local\{A8444C89-93B5-453E-9E8E-51CE9E698B88} [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-29 16:42:37 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-29 16:42:37 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-29 16:41:12 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-29 16:37:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ewelina\Desktop\OTL_[www.programosy.pl].exe [2012-07-29 16:36:47 | 000,518,856 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck [2012-07-29 16:36:47 | 000,518,856 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT [2012-07-29 16:36:47 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck [2012-07-29 16:36:47 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG [2012-07-29 16:36:47 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck [2012-07-29 16:36:47 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg [2012-07-29 16:36:47 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck [2012-07-29 16:36:47 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt [2012-07-29 16:36:47 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck [2012-07-29 16:36:47 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg [2012-07-29 16:36:47 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck [2012-07-29 16:36:47 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg [2012-07-29 16:36:47 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck [2012-07-29 16:36:47 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg [2012-07-29 16:36:46 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck [2012-07-29 16:36:46 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls [2012-07-29 16:35:41 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck [2012-07-29 16:35:41 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg [2012-07-29 16:35:29 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck [2012-07-29 16:35:29 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt [2012-07-29 16:35:28 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-29 16:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-29 16:35:10 | 1341,431,807 | -HS- | M] () -- C:\hiberfil.sys [2012-07-29 16:31:39 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Ewelina\Desktop\BlitzBlank.exe [2012-07-29 16:01:11 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-70415364-3250276573-4211393280-1000Core.job [2012-07-29 16:01:08 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-70415364-3250276573-4211393280-1000UA.job [2012-07-29 15:58:04 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-07-28 14:17:40 | 732,266,358 | ---- | M] () -- C:\Users\Ewelina\Desktop\Der.Ganz.Grosse.Traum.2011.PL.BRRip.XviD-BiDA.avi [2012-07-27 23:11:36 | 734,464,000 | ---- | M] () -- C:\Users\Ewelina\Desktop\The.Raid.Redemption.2011.BRRip.XviD-B89.avi [2012-07-27 19:58:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012-07-27 19:58:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-07-27 15:42:55 | 736,323,804 | ---- | M] () -- C:\Users\Ewelina\Desktop\Suskind.2012.PLSUBBED.DVDRip.XviD-BiDA.avi [2012-07-27 13:04:27 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC [2012-07-27 01:22:27 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012-07-26 20:21:19 | 002,163,481 | ---- | M] () -- C:\Users\Ewelina\Desktop\smycz.ai [2012-07-26 11:03:18 | 001,549,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-07-26 11:03:18 | 000,697,896 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-07-26 11:03:18 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-07-26 11:03:18 | 000,135,006 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-07-26 11:03:18 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-07-25 17:16:41 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012-07-25 17:16:41 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012-07-25 17:16:14 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012-07-25 17:13:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012-07-23 17:03:10 | 000,070,913 | ---- | M] () -- C:\Users\Ewelina\Desktop\20120723233.jpg [2012-07-20 19:14:48 | 000,001,496 | ---- | M] () -- C:\Users\Ewelina\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs [2012-07-17 17:54:55 | 000,000,132 | ---- | M] () -- C:\Users\Ewelina\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2012-07-11 23:40:32 | 006,921,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-07-03 12:24:52 | 000,003,584 | ---- | M] () -- C:\Users\Ewelina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-06-30 16:47:13 | 000,000,048 | ---- | M] () -- C:\Users\Ewelina\AppData\Local\EWELINAWIN7.cfg [2012-06-30 15:03:20 | 000,000,132 | ---- | M] () -- C:\Users\Ewelina\AppData\Roaming\Preferencje Adobe CS5 dla formatu GIF [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-28 14:00:18 | 732,266,358 | ---- | C] () -- C:\Users\Ewelina\Desktop\Der.Ganz.Grosse.Traum.2011.PL.BRRip.XviD-BiDA.avi [2012-07-28 13:53:29 | 734,464,000 | ---- | C] () -- C:\Users\Ewelina\Desktop\The.Raid.Redemption.2011.BRRip.XviD-B89.avi [2012-07-27 19:55:34 | 736,323,804 | ---- | C] () -- C:\Users\Ewelina\Desktop\Suskind.2012.PLSUBBED.DVDRip.XviD-BiDA.avi [2012-07-26 20:02:04 | 002,163,481 | ---- | C] () -- C:\Users\Ewelina\Desktop\smycz.ai [2012-07-26 14:18:10 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-26 14:18:09 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-23 19:42:54 | 000,070,913 | ---- | C] () -- C:\Users\Ewelina\Desktop\20120723233.jpg [2012-06-30 16:47:13 | 000,000,048 | ---- | C] () -- C:\Users\Ewelina\AppData\Local\EWELINAWIN7.cfg [2012-06-30 15:03:20 | 000,000,132 | ---- | C] () -- C:\Users\Ewelina\AppData\Roaming\Preferencje Adobe CS5 dla formatu GIF [2012-06-04 18:57:33 | 000,003,584 | ---- | C] () -- C:\Users\Ewelina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-18 12:17:04 | 000,000,132 | ---- | C] () -- C:\Users\Ewelina\AppData\Roaming\Preferencje Adobe CS5 dla formatu BMP [2012-02-03 13:07:35 | 000,000,132 | ---- | C] () -- C:\Users\Ewelina\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2012-01-11 17:26:27 | 000,001,496 | ---- | C] () -- C:\Users\Ewelina\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs [2012-01-11 12:40:36 | 000,000,411 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012-01-11 12:40:36 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT [2012-01-10 15:14:45 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012-01-10 15:14:45 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012-01-09 20:39:45 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012-01-09 20:39:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-10-15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011-04-09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [color=#E56717]========== LOP Check ==========[/color] [2012-01-27 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Alawar [2012-01-12 17:02:18 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Auslogics [2012-05-03 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\AutoUpdate [2012-07-27 23:19:52 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\BitTorrent [2012-02-12 22:08:30 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012-01-18 17:05:54 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\ColorCop [2012-05-15 13:26:18 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-02-07 13:45:43 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\DAEMON Tools Lite [2012-01-29 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\EurekaLog [2012-07-09 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\FOG Downloader [2012-01-24 19:29:17 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Happy Artist Studio [2012-05-22 12:40:06 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Happy Chef [2012-07-06 12:52:31 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Kamerzysta [2012-01-30 22:58:34 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Klei [2012-01-27 21:36:02 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\NapiProjekt [2012-02-08 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\ObviousIdea [2012-01-18 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\OpenOffice.org [2012-05-24 15:53:54 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Opera [2012-01-09 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Origin [2012-01-09 19:48:55 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Panda Security [2012-03-28 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\rwg [2012-07-06 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\SPORE Creature Creator [2012-01-17 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012-06-21 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\SWiSH Max4 PLK [2012-05-19 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\TeamViewer [2012-07-28 23:02:59 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Tlen.pl [2012-01-09 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Ewelina\AppData\Roaming\Windows Live Writer [2012-07-17 23:21:31 | 000,000,000 | -HSD | M] -- C:\Users\Ewelina\AppData\Roaming\wyUpdate AU [2012-05-19 10:01:54 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >

Extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-07-29 16:38:16 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ewelina\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,00 Gb Total Physical Memory | 5,47 Gb Available Physical Memory | 78,20% Memory free 14,00 Gb Paging File | 12,36 Gb Available in Paging File | 88,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 390,63 Gb Total Space | 181,34 Gb Free Space | 46,42% Space Free | Partition Type: NTFS Drive D: | 540,89 Gb Total Space | 229,13 Gb Free Space | 42,36% Space Free | Partition Type: NTFS Drive F: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EWELINAWIN7 | User Name: Ewelina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js [@ = jsfile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .js [@ = jsfile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* .wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* [HKEY_USERS\S-1-5-21-70415364-3250276573-4211393280-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [LightImageResizer] -- "C:\Program Files (x86)\ObviousIdea\Image Resizer 4\Resize.exe" "%1" (ObviousIdea SARL) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [LightImageResizer] -- "C:\Program Files (x86)\ObviousIdea\Image Resizer 4\Resize.exe" "%1" (ObviousIdea SARL) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6304EAB7-9BEF-4A5E-BCAD-6FE0391F7B33}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6994EEB4-8415-45BE-A90F-34247ED51A19}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E02C1FA8-E3D2-48A7-8968-EE728BB9AA68}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B12151F-7596-41B0-9784-6197A62C134B}" = protocol=17 | dir=in | app=d:\gry\virtua tennis 4\vt4.exe | "{1AAF772B-BCF4-4211-A63F-FF7C73706680}" = protocol=6 | dir=in | app=d:\gry\virtua tennis 4\vt4.exe | "{20E04399-FE30-4450-B156-7AC831FB3163}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{223DC850-C8CE-464F-993B-F87109E57298}" = protocol=6 | dir=in | app=d:\gry\shank\bin\shank.exe | "{2ADF62F5-A105-4C88-BFDF-901E11B023F6}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | "{2E294D4A-90D5-469D-A984-5385AFC9805B}" = protocol=17 | dir=in | app=d:\gry\need for speed the run\need for speed the run.exe | "{31CCE0D8-F9D8-4A65-8295-F19A8ADE5B8C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{42DC88EA-03CD-49C6-8921-042AF75162CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{46581D5C-F95F-44D3-9700-D4EF22927440}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5EBEAD11-3D37-48A6-958F-B3AB9EC19093}" = protocol=6 | dir=in | app=d:\gry\need for speed the run\need for speed the run.exe | "{619CB41F-63AA-466F-8FE8-5F9625D25772}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | "{67060CBC-E02D-43E5-81F4-A3FC30CB7C17}" = protocol=6 | dir=in | app=d:\gry\battlefield 3\bf3.exe | "{68BC797B-9F3F-4D3C-84BF-3FD6834580FA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{6CB7A3ED-EE87-4766-8E7E-074083A366BB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7999FFF7-4875-4300-B8CF-B45B83FDFA47}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{810C0044-15DF-436C-81E0-1F3A7614E78C}" = protocol=17 | dir=in | app=d:\gry\battlefield 3\bf3.exe | "{9174456C-3C78-4F1D-812E-692C3D6DD9D0}" = protocol=17 | dir=in | app=d:\gry\shank\bin\shank.exe | "{91AA6BAC-D006-4DDC-98BA-5D801B73D398}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{926E673B-1A51-4F4F-809C-DD677DA0C04F}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | "{9B5EE98F-D314-4B94-AF12-F4B481F0EED0}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{A2E8976F-E809-4ADD-9F06-8B69FEE6EBBB}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | "{ACD0F0AC-7D38-4E5C-95B6-AC55CAC9FC42}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{B347E223-C516-48C4-A2F7-2A81D03E92AF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B620CA98-C3EB-4A78-8AD5-7EDE09D1BDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{BF978314-C0EE-4253-9550-CE7AE6D43B40}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | "{DB2C168B-C8E8-4467-947A-E648B1AFA5D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{E353FC17-64B7-4511-8FCE-800CA66B8E09}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{EC562C86-26E6-415A-BF06-795A49E74613}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | "{F8448488-6118-41B1-8155-A451BE6B8B2B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{FBF3AF6A-1D67-4093-8360-24A084470846}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{FD22D0E7-82DF-4246-9A47-525CA271E1BC}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{AD7EF594-F85C-4B08-B066-49D588CA38C7}C:\program files (x86)\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tlen.pl\tlen.exe | "TCP Query User{AFB22C00-A6BB-4BDB-B2A9-2AB0E14A106D}C:\program files (x86)\panda security\panda internet security 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2012\apvxdwin.exe | "TCP Query User{B4136179-1BAD-4CDF-81D1-51069F192942}C:\program files (x86)\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tlen.pl\tlen.exe | "UDP Query User{2D41E267-618A-4CAC-8000-26B21B9DA65F}C:\program files (x86)\panda security\panda internet security 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2012\apvxdwin.exe | "UDP Query User{78C64DAC-CF6C-48AF-AE4F-6308772100AD}C:\program files (x86)\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tlen.pl\tlen.exe | "UDP Query User{FC377F80-83DE-412D-9EF7-B6F6B1CBA722}C:\program files (x86)\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tlen.pl\tlen.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Sterownik wideo firmy Pinnacle "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C2C70B1-4441-4A76-B5E2-C339C24C63F3}" = Adobe Illustrator CS3 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™ "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{5E799CD8-CD78-460F-A987-E00928F5AE02}" = Panda Internet Security 2012 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6BB106D2-1630-49BA-BC26-BC4FD383B27C}_is1" = Rachunek Small Business "{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2012 "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{796F9B3D-4BDB-40A9-93AD-AC6AB34DD246}" = Panda Internet Security 2012 "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3 "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A56028FC-1F40-4369-9941-7AAAC6ACE924}" = LastChaosPoland "{A65A3CC3-2CB6-43E3-B492-3D69A191C072}_is1" = Pazera Free Video to Flash Converter 1.1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABE7BD22-6D77-4A27-ADDB-D36797E37A15}" = Shank "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.7 - Polish "{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.1.0.6 "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Fabryka stworów, wersja próbna "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup "{EF844CA2-012C-4727-8D20-73BC5E068584}" = SharpCap "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB6E7BFE-4578-499F-90CD-F7B2525E838C}" = Adobe Setup "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional "Adobe_cd40c268fefdd8bfc54faa37df2ce97" = Adobe Illustrator CS3 "Agent Ransack_is1" = Agent Ransack 2010 "ALLPlayer_is1" = ALLPlayer V5.X "AstrumNival Allods" = Allods Online 3.0.00.91 "Battlelog Web Plugins" = Battlelog Web Plugins "BitTorrent" = BitTorrent "Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.9.0.0 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0 "DAEMON Tools Lite" = DAEMON Tools Lite "ESN Sonar-0.70.4" = ESN Sonar "GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™ "Guild Wars" = Guild Wars "IETester" = IETester v0.4.11 (remove only) "LameACM" = LameACM "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151) "Opera 11.64.1403" = Opera 11.64 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "SWiSH Max4" = SWiSH Max4 "Tlen.pl" = Tlen.pl "Vector Magic" = Vector Magic "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Podstawowe programy Windows Live [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-70415364-3250276573-4211393280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "NCsoft-Lineage2" = Lineage II "Wizard101(PL)_is1" = Wizard101(PL) [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-25 07:37:10 | Computer Name = EwelinaWin7 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Ewelina\Desktop\SoftonicDownloader_dla_hijack-this.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 2012-07-25 07:37:27 | Computer Name = EwelinaWin7 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: services.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc10e Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000000000 Identyfikator procesu powodującego błąd: 0x200 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6a59c4a17f25 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\services.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 1bddb0ca-d64d-11e1-b8dc-002354652216 Error - 2012-07-25 07:40:33 | Computer Name = EwelinaWin7 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Ewelina\Desktop\SoftonicDownloader_dla_hijack-this.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 2012-07-25 15:46:54 | Computer Name = EwelinaWin7 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_3_300_265.exe, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd5ac Nazwa modułu powodującego błąd: NPSWF32_11_3_300_265.dll, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd798 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001d1e2f Identyfikator procesu powodującego błąd: 0x1520 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6a9b72538996 Ścieżka aplikacji powodującej błąd: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Identyfikator raportu: 7bb1950f-d691-11e1-8c38-002354652216 Error - 2012-07-25 16:43:01 | Computer Name = EwelinaWin7 | Source = Application Hang | ID = 1002 Description = Program soffice.bin w wersji 3.3.9556.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 109c Godzina rozpoczęcia: 01cd6aa5ccd2c408 Godzina zakończenia: 6 Ścieżka aplikacji: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Identyfikator raportu: 4ce3bbc0-d699-11e1-807f-002354652216 Error - 2012-07-25 16:51:26 | Computer Name = EwelinaWin7 | Source = Windows Search Service | ID = 7040 Description = Error - 2012-07-25 16:51:26 | Computer Name = EwelinaWin7 | Source = Windows Search Service | ID = 7042 Description = Error - 2012-07-26 19:40:40 | Computer Name = EwelinaWin7 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Studio.exe, wersja: 15.0.0.7593, sygnatura czasowa: 0x4cc74e06 Nazwa modułu powodującego błąd: XPMFLVU.XPM, wersja: 0.0.0.0, sygnatura czasowa: 0x4cc74b4c Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x00004379 Identyfikator procesu powodującego błąd: 0xeb4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6b8568f64a0e Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Pinnacle\Studio 15\plugins\export\XPMFLVU.XPM Identyfikator raportu: 4e900ea2-d77b-11e1-b2d7-002354652216 Error - 2012-07-28 08:24:22 | Computer Name = EwelinaWin7 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: WizHosp.exe, wersja: 12.11.2.4, sygnatura czasowa: 0x00000000 Nazwa modułu powodującego błąd: CC3290MT.DLL, wersja: 9.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000193ee Identyfikator procesu powodującego błąd: 0x16ac Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6cbbdf0dd71a Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\WizHosp.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\CC3290MT.DLL Identyfikator raportu: 28b61333-d8af-11e1-8c4c-002354652216 Error - 2012-07-28 08:24:29 | Computer Name = EwelinaWin7 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: WizHosp.exe, wersja: 12.11.2.4, sygnatura czasowa: 0x00000000 Nazwa modułu powodującego błąd: CC3290MT.DLL, wersja: 9.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000193ee Identyfikator procesu powodującego błąd: 0x16ac Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6cbbdf0dd71a Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\WizHosp.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\CC3290MT.DLL Identyfikator raportu: 2d023c38-d8af-11e1-8c4c-002354652216 [ System Events ] Error - 2012-07-19 10:46:51 | Computer Name = EwelinaWin7 | Source = Service Control Manager | ID = 7023 Description = Usługa Panda On-Access Anti-Malware Service zakończyła działanie; wystąpił następujący błąd: %%1 Error - 2012-07-19 10:47:58 | Computer Name = EwelinaWin7 | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2012-07-19 18:25:07 | Computer Name = EwelinaWin7 | Source = Service Control Manager | ID = 7023 Description = Usługa Panda On-Access Anti-Malware Service zakończyła działanie; wystąpił następujący błąd: %%1 Error - 2012-07-20 03:08:27 | Computer Name = EwelinaWin7 | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2012-07-20 04:10:47 | Computer Name = EwelinaWin7 | Source = DCOM | ID = 10010 Description = Error - 2012-07-21 04:53:34 | Computer Name = EwelinaWin7 | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2012-07-21 17:23:01 | Computer Name = EwelinaWin7 | Source = Service Control Manager | ID = 7023 Description = Usługa Panda On-Access Anti-Malware Service zakończyła działanie; wystąpił następujący błąd: %%1 Error - 2012-07-22 07:05:04 | Computer Name = EwelinaWin7 | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 11:07:28 na ?2012-?07-?22 było nieoczekiwane. Error - 2012-07-22 15:24:55 | Computer Name = EwelinaWin7 | Source = Service Control Manager | ID = 7023 Description = Usługa Panda On-Access Anti-Malware Service zakończyła działanie; wystąpił następujący błąd: %%1 Error - 2012-07-23 06:06:41 | Computer Name = EwelinaWin7 | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. < End of report >

**Posty:** 18165 · przez **wojtas** 29 Lip 2012, 17:27

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:Files
C:\Users\Ewelina\AppData\Roaming\wyUpdate AU
c:\users\ewelina\appdata\local\{62e03b1b-9646-28cc-b5b9-d088ddd9960d}

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )
* Skasuj stan przywracania systemu

**Posty:** 6 · przez **Ewelunia** 29 Lip 2012, 20:03

Kod: Zaznacz wszystko: Files\Folders moved on Reboot... C:\Users\Ewelina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Ewelina\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...

Malwarebytes nic nie znalazł.

Dzięki wielkie za pomoc

Kto jest na forum