
Suspected keylogger - password changes in Gmail

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Filas, 24 Apr 2011, 23:40

My Gmail password has changed for the 3rd time now, so I am somewhat worried.
Code:
OTL Extras logfile created on: 2011-04-24 22:20:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Filas\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 79,16 Gb Free Space | 54,08% Space Free | Partition Type: NTFS
Drive D: | 244,10 Gb Total Space | 104,22 Gb Free Space | 42,70% Space Free | Partition Type: NTFS
Drive E: | 150,26 Gb Total Space | 90,41 Gb Free Space | 60,17% Space Free | Partition Type: NTFS
Drive F: | 72,70 Gb Total Space | 59,69 Gb Free Space | 82,11% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 3,71 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive H: | 59,57 Gb Total Space | 6,21 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive I: | 97,65 Gb Total Space | 10,18 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive J: | 100,61 Gb Total Space | 6,34 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
Drive K: | 86,40 Gb Total Space | 21,45 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive N: | 146,48 Gb Total Space | 53,30 Gb Free Space | 36,38% Space Free | Partition Type: NTFS

Computer Name: FILASPC | User Name: Filas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.ini [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1"
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Gry\CAEU\Combat Arms EU\CombatArms.exe" = D:\Gry\CAEU\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"D:\Gry\CAEU\Combat Arms EU\Engine.exe" = D:\Gry\CAEU\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 Na studiach
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
"{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1" = GT Legends 1.0.0.0
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Rezydencje i ogrody Akcesoria
"{1E5FF5FF-EE4B-4CDE-94F5-F211C9F6D7C2}_is1" = Tomb Raider Legenda wersja 1.2
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{2680FAEF-9E7A-4BC1-9A7E-0E9E72FDC4BB}" = X GXT Editor V.2.1 final
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC520D6-717D-4315-BDBD-6B1A57CC8532}" = Advanced Net Tools (ANT)
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{47BF68F4-D0C5-462E-B8A0-87B030458D71}" = Dark Messiah of Might and Magic
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™  2 Zwierzaki
"{4B52E7BC-28A6-F68C-A12F-BC7581BE344C}" = ATI Catalyst Install Manager
"{4D54D8DF-25CF-9752-787E-BF8D560B009B}" = AMD Drag and Drop Transcoding
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{5157A26D-28AF-4E96-99EE-25D510437653}_is1" = SpaceChem
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{584109EB-CEA0-4954-804B-211000018301}" = Tinker
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Młodzieżowy styl Akcesoria
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{62257E78-D1FB-44D9-A155-764B3F7BB76F}_is1" = Disk Doctors Photo Recovery (Win)
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kuchnia i łazienka Wystrój wnętrz Akcesoria
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{65356EEA-6ABF-437B-A7C7-5AAA0C6086F2}_is1" = Minecraft Auto wersja 1.0
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Rozrywka rodzinna - Akcesoria
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2  IKEA® urządza dom Akcesoria
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6E9B216E-1D8F-06AB-FE30-FA19AC530F75}" = ccc-utility
"{7097B6F1-00D1-4C32-8376-98D0AC47A469}_is1" = Gimnazjum 2011 wersja 1.5
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7675C2B8-A4FC-F01D-B0EA-7F251E36D2F0}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{776F7D39-5704-DBBF-CAFE-8826F98462F3}" = Catalyst Control Center InstallProxy
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Własny biznes
"{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{84000886-8F44-97F4-69CF-5C90D441E2BC}" = Catalyst Control Center Graphics Previews Common
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 Moda z H&M® Akcesoria
"{852249E5-85F2-4959-AEFB-8D46D02E9BEE}" = Bionic Commando
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 Czas wolny
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{947EC1A7-B056-4D60-9D31-BD29BBBFC2B8}" = Kane and Lynch Dead Men
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6F4E4F-9FAB-78A2-020B-3DAED3B2E0E1}" = AMD Fuel
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Szyk i elegancja - Akcesoria
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding
"{A9307988-3EA8-415E-A91E-0EB1FBF439DA}" = Adobe After Effects CS4 Third Party Content
"{B0464744-7F9E-BC45-0398-ED28CFADCEDF}" = CCC Help English
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Osiedlowe życie
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2010.build.42
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB751CFD-8BCE-9754-ACBE-D6EFDC69C937}" = WMV9/VC-1 Video Playback
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF801913-15B4-4B6C-9FF0-987EF271435A}" = Adobe Premiere Pro CS4 Third Party Content
"{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English
"{C301D681-00D3-4597-8446-3DE54FE20F1A}" = TortoiseSVN 1.6.11.20210 (32 bit)
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE977CAD-5230-4BFE-917B-091A4F08182B}" = Outfront - Na tyłach wroga
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{DFB92E80-F614-8710-37BD-E5091D241B90}" = WMV9/VC-1 Video Playback
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Cztery pory roku
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E77DF3B1-D561-4219-AB65-793AA079DC41}" = GT Legends - Aktualizacja  v1.1
"{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Impreza! Akcesoria
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.078
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Podróże
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nocne życie
"{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F96609AF-F197-4C9A-A97D-6AE132F743D7}" = GTAPoliceMods Mod Pack
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Więzy Krwi
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client 2.3.0
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"AMIP_foobar2000" = AMIP for foobar2000 (remove only)
"APB Reloaded" = APB Reloaded
"AQQ" = WapSter AQQ
"ASIO4ALL" = ASIO4ALL
"Avidemux 2.5" = Avidemux 2.5
"Blitzkrieg" = Blitzkrieg Mod
"Braid/PL-Polish_is1" = Braid
"Bulletstorm_is1" = Bulletstorm
"Capitalism II PL" = Capitalism II PL
"City Life" = City Life 2008
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms EU" = Combat Arms EU
"Copssh" = Copssh (remove only)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.9.1
"Defcon_is1" = Defcon Patch v1.6
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"DivX Setup.divx.com" = DivX Setup
"D-Link VGA Webcam" = D-Link VGA Webcam
"EADM" = EA Download Manager
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"FileZilla Client" = FileZilla Client 3.3.5.1
"FireFTP" = FireFTP
"FL Studio 9" = FL Studio 9
"FlashGet 3.7" = FlashGet 3.7
"Foxit Reader" = Foxit Reader
"Freecorder4.1" = Freecorder
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"Hardcore" = Hardcore
"HD Tune_is1" = HD Tune 2.55
"HLSW_is1" = HLSW v1.3.3.7b
"ICW Base" = ICW Base(remove only)
"ICW COPSSHCP" = ICW COPSSHCP(remove only)
"ICW OpenSSHServer" = ICW OpenSSHServer (remove only)
"IL Download Manager" = IL Download Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Więzy Krwi
"JDownloader" = JDownloader
"Klawiatura wersja 2.8_is1" = Klawiatura wersja 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"MKVtoolnix" = MKVtoolnix 4.6.0
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MTA:SA" = MTA:SA v1.0.4-rc-02033-2-000
"MusicBrainz Picard" = MusicBrainz Picard
"Natural Mod" = Natural Mod
"Nmap" = Nmap 5.35DC1
"Notepad++" = Notepad++
"Onlink Update" = Onlink
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"Opera 11.01.1190_1" = Opera 11.01
"Phun_is1" = Algodoo Phun edition v5.28
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Sawer" = Sawer
"Seismovision 3" = Seismovision 3 (remove only)
"SFFixed" = SourceForts 1.9.4.1 Fixed
"SpeedFan" = SpeedFan (remove only)
"Steam App 1510" = Uplink
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 280" = Half-Life: Source
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 3960" = Shattered Union
"Steam App 41100" = Hammerfight
"Steam App 41300" = Altitude
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Steam App 58300" = System Protocol One
"Steam App 62100" = Chime
"Steam App 70100" = Hacker Evolution
"Systweak CacheBoost_is1" = Systweak CacheBoost
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TightVNC" = TightVNC 2.0.2
"TmSunrise_is1" = TrackMania Sunrise
"Toxic Biohazard" = Toxic Biohazard
"TreeSize Free_is1" = TreeSize Free V2.4
"Trials 2 SE" = Trials 2 Second Edition
"Tunngle beta_is1" = Tunngle beta
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3 beta
"xchat" = XChat 2 (remove only)
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.97.8
"XPMP" = Xfire Plus: Music Plugin

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error: Unable to start EventLog service!

< End of report >

Code:
OTL logfile created on: 2011-04-24 22:20:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Filas\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 79,16 Gb Free Space | 54,08% Space Free | Partition Type: NTFS
Drive D: | 244,10 Gb Total Space | 104,22 Gb Free Space | 42,70% Space Free | Partition Type: NTFS
Drive E: | 150,26 Gb Total Space | 90,41 Gb Free Space | 60,17% Space Free | Partition Type: NTFS
Drive F: | 72,70 Gb Total Space | 59,69 Gb Free Space | 82,11% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 3,71 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive H: | 59,57 Gb Total Space | 6,21 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive I: | 97,65 Gb Total Space | 10,18 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive J: | 100,61 Gb Total Space | 6,34 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
Drive K: | 86,40 Gb Total Space | 21,45 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive N: | 146,48 Gb Total Space | 53,30 Gb Free Space | 36,38% Space Free | Partition Type: NTFS

Computer Name: FILASPC | User Name: Filas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-04-24 22:13:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Filas\Downloads\OTL.exe
PRC - [2011-04-08 13:28:52 | 003,510,160 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2011-04-07 12:34:04 | 008,882,688 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2011-04-05 16:40:44 | 000,517,864 | ---- | M] () -- C:\Program Files\puush\puush.exe
PRC - [2011-04-03 08:10:46 | 011,857,920 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe
PRC - [2011-04-03 08:07:26 | 002,437,120 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI\EADM.exe
PRC - [2011-04-03 08:03:42 | 000,509,232 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI\EACoreServer.exe
PRC - [2011-03-10 18:02:18 | 001,242,448 | ---- | M] (Valve Corporation) -- N:\Steam\Steam.exe
PRC - [2011-03-09 06:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011-03-09 06:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011-01-17 16:20:23 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011-01-14 16:55:56 | 002,250,616 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011-01-11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2010-11-20 20:56:23 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2010-11-15 17:52:56 | 007,168,768 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2010-11-04 23:09:22 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010-10-19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-10-01 22:41:10 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010-07-06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010-06-26 20:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010-06-17 06:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010-04-13 17:33:04 | 000,238,592 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-11-10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2009-11-04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009-10-09 16:32:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008-04-04 12:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008-03-09 14:54:58 | 000,074,480 | ---- | M] ( Systweak Inc) -- C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe
PRC - [2007-06-05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe
PRC - [2006-11-21 04:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-04-24 22:13:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Filas\Downloads\OTL.exe
MOD - [2011-04-24 22:10:35 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll
MOD - [2011-04-08 13:28:58 | 000,974,736 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_44183.dll
MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009-06-10 23:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-03-09 06:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011-03-09 01:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011-01-14 16:55:56 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010-10-26 17:05:24 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010-10-19 18:37:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-10-19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010-10-18 20:33:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-07-01 05:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010-06-17 06:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-10-16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 03:14:42 | 000,071,680 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\tlntsvr.exe -- (TlntSvr)
SRV - [2009-05-14 02:22:32 | 000,068,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICW\bin\cygrunsrv.exe -- (OpenSSHServer)
SRV - [2008-03-09 14:54:58 | 000,187,120 | ---- | M] (Systweak Inc) [Auto | Stopped] -- C:\Program Files\Systweak\Systweak CacheBoost\cbSrv.exe -- (CacheBoost Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-03-09 11:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011-03-09 06:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011-01-14 12:43:26 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2011-01-14 12:43:13 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011-01-14 12:43:13 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010-12-18 23:47:18 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010-11-17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010-10-21 15:11:02 | 000,081,680 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010-09-02 18:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010-08-30 15:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2010-08-30 15:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2010-08-25 20:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\prwntdrv.sys -- (prwntdrv)
DRV - [2010-08-16 16:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010-08-16 16:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010-07-16 02:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010-07-15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010-07-15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010-07-09 14:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010-07-01 05:38:04 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys -- (AODDriver2)
DRV - [2010-06-09 18:05:38 | 000,039,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nm3.sys -- (nm3)
DRV - [2010-02-18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009-12-21 22:50:16 | 000,005,760 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vHidDev.sys -- (vHidDev)
DRV - [2009-09-30 13:43:02 | 000,016,640 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2009-09-28 19:20:40 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009-07-16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009-05-05 06:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009-02-12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2009-02-03 17:39:23 | 000,063,096 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008-01-24 16:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008-01-24 16:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008-01-24 16:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2008-01-24 16:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008-01-24 16:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007-02-08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2007-02-05 09:10:34 | 001,122,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2006-09-24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006-07-10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003-10-15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
DRV - [2002-09-16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gazeta.pl/0,0.html?p=109
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=109
IE - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=109"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-01-17 16:20:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-13 21:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-13 21:10:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-22 15:30:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-22 15:30:31 | 000,000,000 | ---D | M]

[2011-03-20 17:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filas\AppData\Roaming\mozilla\Extensions
[2011-03-20 17:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filas\AppData\Roaming\mozilla\Firefox\Profiles\e6zrjvwg.default\extensions
[2011-03-28 21:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-03-28 21:11:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-13 21:10:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011-02-13 21:10:10 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011-01-17 16:20:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011-03-28 21:11:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-03 18:38:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-03-03 18:38:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-03-03 18:38:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-03-03 18:38:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-03-03 18:38:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-03-03 18:38:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-01-08 23:24:30 | 000,001,685 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1            activate-sea.adobe.com
O1 - Hosts: 127.0.0.1            wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1            activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                       
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                   
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 sureserver.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Filas\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CacheBoost] C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe ( Systweak Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HKLM] C:\Windows\windows32\svchost.exe ()
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [EA Core]  File not found
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [HKCU] C:\Windows\windows32\svchost.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [puush] C:\Program Files\puush\puush.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [Steam] N:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_7d512c02e72ebd25] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cl_87324.inf_x86_neutral_b52c10eae430a1c8] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cw104557.inf_x86_neutral_3be31395a47f6113] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cw106232.inf_x86_neutral_6cf75ba43cfe598c] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\winsxs\x86_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_4b74e6cccd67ae70] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_a574bbd4a69c292d] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\windows32\svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\windows32\svchost.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.238.44.4 83.238.44.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-09-13 12:13:04 | 000,000,000 | ---D | M] - K:\autorun -- [ NTFS ]
O33 - MountPoints2\{1df6f5c2-418e-11e0-bea3-485b3933ad11}\Shell - "" = AutoRun
O33 - MountPoints2\{1df6f5c2-418e-11e0-bea3-485b3933ad11}\Shell\AutoRun\command - "" = O:\Autorun.exe
O33 - MountPoints2\{e12054a4-1f28-11e0-958e-485b3933ad11}\Shell - "" = AutoRun
O33 - MountPoints2\{e12054a4-1f28-11e0-958e-485b3933ad11}\Shell\AutoRun\command - "" = O:\Startme.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-04-24 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\NET
[2011-04-24 21:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klawiatura
[2011-04-24 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Malwarebytes
[2011-04-24 21:39:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-04-24 21:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-04-24 21:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-04-24 21:39:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-04-24 21:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-04-23 16:50:55 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Local\Zachtronics Industries
[2011-04-23 16:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zachtronics Industries
[2011-04-22 18:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackMania Sunrise
[2011-04-22 15:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011-04-22 15:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-04-22 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011-04-22 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-04-22 15:30:00 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Local\Apple
[2011-04-22 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-04-22 15:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011-04-21 14:13:24 | 000,022,016 | ---- | C] (Free Software Foundation) -- C:\msgunfmt.exe
[2011-04-21 14:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit
[2011-04-21 14:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Poedit
[2011-04-21 02:23:59 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Local\AMD
[2011-04-21 02:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-04-21 02:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011-04-21 02:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-04-20 17:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phun
[2011-04-20 17:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Algodoo Phun Edition
[2011-04-14 19:12:10 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\runic games
[2011-04-14 12:48:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-04-14 12:48:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-04-14 12:48:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011-04-14 12:48:24 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011-04-14 12:48:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011-04-14 12:48:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-04-14 12:48:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011-04-14 12:48:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-04-14 12:48:21 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-04-14 12:48:21 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-04-14 12:48:21 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-04-14 12:48:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-04-14 12:48:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-04-14 12:48:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-04-14 12:48:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-04-14 12:48:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-04-14 12:48:16 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-04-14 12:48:15 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011-04-14 12:48:14 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011-04-14 12:48:14 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011-04-13 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monte Cristo
[2011-04-13 20:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Monte Cristo
[2011-04-13 20:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2011-04-13 20:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2011-04-10 22:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2011-04-05 19:29:32 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\puush
[2011-04-05 19:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[2011-04-05 19:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\puush
[2011-04-05 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Mumble
[2011-04-05 11:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011-04-05 11:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2011-04-03 21:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011-04-03 21:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011-04-02 21:45:42 | 000,000,000 | ---D | C] -- C:\Windows\windows32
[2011-04-02 16:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimnazjum 2011
[2011-04-02 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Gimnazjum 2011
[2011-04-01 20:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011-04-01 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011-04-01 19:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2011-04-01 18:51:10 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2011-04-01 18:51:10 | 000,000,000 | ---D | C] -- C:\Nexon
[2011-03-28 22:18:09 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\mkvtoolnix
[2011-03-28 22:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVtoolnix
[2011-03-28 22:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2011-03-28 22:05:35 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
[2011-03-28 22:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2011-03-28 22:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2011-03-28 21:11:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-03-28 21:11:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-03-28 21:11:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-03-26 21:39:11 | 000,000,000 | ---D | C] -- C:\Games
[2011-03-26 16:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
[2011-03-26 15:14:28 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Local\Logitech
[2011-03-26 15:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011-03-26 15:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011-03-26 15:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2011-01-17 16:17:53 | 000,312,593 | ---- | C] (Collabo Interactive Solutions) -- C:\Program Files\RMPly00.exe
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-04-24 22:21:26 | 010,916,321 | -H-- | M] () -- C:\Users\Filas\AppData\Roaming\Filaslog.dat
[2011-04-24 22:21:14 | 006,029,312 | -HS- | M] () -- C:\Users\Filas\NTUSER.DAT
[2011-04-24 22:19:32 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011-04-24 22:17:42 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-24 22:17:42 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-24 22:09:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-04-24 22:09:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-24 22:09:18 | 3219,738,624 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-24 22:08:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011-04-24 22:08:20 | 004,559,491 | -H-- | M] () -- C:\Users\Filas\AppData\Local\IconCache.db
[2011-04-24 21:39:51 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-24 21:22:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-338048016-1798996921-2506611867-1000UA.job
[2011-04-24 20:22:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-338048016-1798996921-2506611867-1000Core.job
[2011-04-23 16:50:28 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\SpaceChem.lnk
[2011-04-22 19:05:25 | 000,000,776 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2011-04-22 19:02:38 | 000,003,821 | ---- | M] () -- C:\Windows\System32\secushr.dat
[2011-04-22 18:56:59 | 000,000,713 | ---- | M] () -- C:\Users\Filas\Desktop\TmSunrise.lnk
[2011-04-22 15:30:25 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-04-21 14:15:45 | 000,014,296 | ---- | M] () -- C:\settings.po
[2011-04-21 14:15:27 | 000,014,296 | ---- | M] () -- C:\Users\Filas\settings.po
[2011-04-20 15:22:46 | 000,002,396 | ---- | M] () -- C:\Users\Filas\Desktop\Google Chrome.lnk
[2011-04-18 15:07:12 | 001,632,052 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-04-18 15:07:12 | 000,727,238 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-04-18 15:07:12 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-18 15:07:12 | 000,149,336 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-04-18 15:07:12 | 000,116,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-16 03:16:48 | 002,212,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-04-15 15:13:06 | 000,140,248 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-04-15 15:12:42 | 000,266,400 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011-04-15 15:11:27 | 000,268,560 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011-04-14 20:00:10 | 000,014,345 | ---- | M] () -- C:\settings.mo
[2011-04-12 14:51:27 | 000,089,406 | ---- | M] () -- C:\Users\Filas\Desktop\Minecraft.jar
[2011-04-12 14:51:27 | 000,073,646 | ---- | M] () -- C:\Users\Filas\Desktop\Minecraft_modified.jar
[2011-04-12 13:46:03 | 000,020,979 | ---- | M] () -- C:\Users\Filas\Desktop\Mineshafter-proxy.jar
[2011-04-10 22:19:12 | 000,000,626 | ---- | M] () -- C:\Users\Filas\Desktop\World of Tanks RU.lnk
[2011-04-08 13:28:58 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2011-04-07 11:09:03 | 000,001,053 | ---- | M] () -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011-04-06 18:12:56 | 336,954,481 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-04-05 11:48:59 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011-04-05 09:41:47 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011-04-03 21:23:25 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-04-02 16:03:18 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Gimnazjum 2011.lnk
[2011-04-01 19:39:27 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2011-04-01 18:51:10 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2011-04-01 18:51:10 | 000,000,235 | ---- | M] () -- C:\Windows\System32\nxEuUninstall.bat
[2011-03-28 22:17:54 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2011-03-28 21:11:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011-03-28 21:11:38 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-03-28 21:11:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-03-28 21:11:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-03-27 19:58:47 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\hamachi.lnk
[2011-03-27 12:59:39 | 000,000,465 | ---- | M] () -- C:\Windows\System32\test
[2011-03-27 12:56:51 | 000,064,248 | ---- | M] () -- C:\Users\Filas\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-03-26 21:39:17 | 000,000,780 | ---- | M] () -- C:\Users\Filas\Desktop\Toribash.lnk
[2011-03-26 16:03:12 | 000,000,644 | ---- | M] () -- C:\Users\Filas\Desktop\GT Legends.lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-04-24 21:39:51 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-23 16:50:28 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\SpaceChem.lnk
[2011-04-22 18:56:59 | 000,000,713 | ---- | C] () -- C:\Users\Filas\Desktop\TmSunrise.lnk
[2011-04-22 15:30:25 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-04-22 15:29:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011-04-21 14:15:45 | 000,014,296 | ---- | C] () -- C:\settings.po
[2011-04-21 14:14:40 | 000,014,296 | ---- | C] () -- C:\Users\Filas\settings.po
[2011-04-21 14:13:08 | 000,014,345 | ---- | C] () -- C:\settings.mo
[2011-04-12 14:51:27 | 000,073,646 | ---- | C] () -- C:\Users\Filas\Desktop\Minecraft_modified.jar
[2011-04-12 14:51:26 | 000,089,406 | ---- | C] () -- C:\Users\Filas\Desktop\Minecraft.jar
[2011-04-12 13:46:03 | 000,020,979 | ---- | C] () -- C:\Users\Filas\Desktop\Mineshafter-proxy.jar
[2011-04-10 22:19:12 | 000,000,626 | ---- | C] () -- C:\Users\Filas\Desktop\World of Tanks RU.lnk
[2011-04-08 13:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011-04-07 11:09:03 | 000,001,053 | ---- | C] () -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011-04-05 11:48:59 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011-04-03 21:23:25 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-04-02 16:03:18 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Gimnazjum 2011.lnk
[2011-04-01 19:39:27 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2011-04-01 18:51:10 | 000,000,235 | ---- | C] () -- C:\Windows\System32\nxEuUninstall.bat
[2011-03-28 22:17:54 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2011-03-27 19:58:47 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\hamachi.lnk
[2011-03-26 21:39:17 | 000,000,780 | ---- | C] () -- C:\Users\Filas\Desktop\Toribash.lnk
[2011-03-26 15:59:04 | 000,000,644 | ---- | C] () -- C:\Users\Filas\Desktop\GT Legends.lnk
[2011-03-21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011-03-20 17:07:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-16 20:20:45 | 000,003,821 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011-03-16 19:59:17 | 000,284,672 | ---- | C] () -- C:\Windows\rapidui.exe
[2011-03-16 19:54:20 | 000,000,776 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011-03-16 19:53:32 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011-02-22 20:03:49 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2011-02-22 20:03:49 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2011-02-22 20:03:49 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2011-02-02 00:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-01-26 18:09:03 | 000,000,600 | ---- | C] () -- C:\Users\Filas\AppData\Roaming\winscp.rnd
[2011-01-26 15:28:59 | 000,000,600 | ---- | C] () -- C:\Users\Filas\AppData\Local\PUTTY.RND
[2011-01-24 16:50:00 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011-01-24 16:50:00 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011-01-24 16:50:00 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011-01-21 20:33:31 | 000,138,056 | ---- | C] () -- C:\Users\Filas\AppData\Roaming\PnkBstrK.sys
[2011-01-21 20:33:06 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011-01-18 04:04:55 | 004,559,491 | -H-- | C] () -- C:\Users\Filas\AppData\Local\IconCache.db
[2011-01-17 16:20:02 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011-01-13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-01-08 23:33:06 | 000,000,006 | ---- | C] () -- C:\Windows\System32\tna4D28D812.sys
[2010-12-21 20:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-12-18 23:56:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010-11-29 13:28:25 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010-11-29 13:28:25 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010-11-29 13:28:25 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010-11-29 13:28:25 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010-11-29 13:28:25 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010-11-27 20:25:31 | 000,098,696 | ---- | C] () -- C:\Windows\System32\setupprwdrv03.exe
[2010-11-27 20:25:31 | 000,013,704 | ---- | C] () -- C:\Windows\System32\prwntdrv.sys
[2010-10-29 22:39:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-10-26 20:51:45 | 000,007,605 | ---- | C] () -- C:\Users\Filas\AppData\Local\resmon.resmoncfg
[2010-10-21 18:43:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010-10-21 18:43:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010-10-21 18:43:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010-10-21 18:43:11 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010-10-21 18:43:11 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010-10-21 18:43:11 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010-10-20 19:23:19 | 000,140,248 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-10-20 19:23:11 | 000,266,400 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-10-20 19:22:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-10-18 20:17:34 | 000,064,248 | ---- | C] () -- C:\Users\Filas\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-10-18 20:14:07 | 001,632,052 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-10-18 20:11:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-10-18 20:11:50 | 000,028,289 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010-07-16 02:45:44 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009-12-03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009-07-16 05:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009-07-14 10:07:57 | 000,727,238 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2009-07-14 10:07:57 | 000,149,336 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 06:33:53 | 002,212,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 04:05:48 | 000,642,020 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,116,546 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009-07-14 04:04:23 | 000,000,538 | ---- | C] () -- C:\Windows\win.ini
[2009-07-14 04:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:29 | 000,071,680 | ---- | C] () -- C:\Windows\System32\tlntsvr.exe
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-13 23:41:56 | 000,053,552 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009-07-13 23:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-04-02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009-02-19 05:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2008-12-01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2005-04-08 04:16:43 | 010,915,939 | -H-- | C] () -- C:\Users\Filas\AppData\Roaming\Filaslog.dat
[2002-10-16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2011-04-20 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\.minecraft
[2011-03-04 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\avidemux
[2011-03-05 01:12:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Azureus
[2011-04-22 19:05:25 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\BITS
[2011-02-16 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Braid
[2010-12-29 16:54:01 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Chime
[2010-10-22 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\DAEMON Tools Lite
[2011-01-24 04:06:48 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Datarescue
[2011-04-24 22:20:37 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\DNA
[2011-04-05 19:29:26 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Downloaded Installations
[2011-01-11 13:17:02 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\EurekaLog
[2011-04-05 19:27:48 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FileZilla
[2011-03-16 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FireFTP
[2011-03-16 19:53:20 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FlashGet
[2011-03-16 19:53:19 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FlashGetBHO
[2010-10-19 15:00:30 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\fofix
[2011-04-24 22:08:09 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\foobar2000
[2010-11-12 02:20:04 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Foxit Software
[2010-10-22 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\GameRanger
[2011-01-15 18:49:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Golly
[2011-02-21 11:52:25 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\gtk-2.0
[2011-01-24 04:06:55 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Hex-Rays
[2011-04-22 12:02:08 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\HLSW
[2010-11-07 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\JAM Software
[2010-10-22 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Leadertech
[2011-03-28 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\mkvtoolnix
[2010-10-22 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\MotioninJoy
[2011-04-06 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Mumble
[2011-03-17 20:07:07 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\MusicBrainz
[2010-12-16 12:44:58 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Notepad++
[2010-12-30 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Onlink
[2011-02-20 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Opera
[2011-04-05 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\puush
[2011-04-07 11:07:54 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Raptr
[2011-02-18 15:36:47 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Razer
[2011-04-14 19:12:10 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\runic games
[2010-10-28 15:30:44 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Subversion
[2010-12-19 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Systweak
[2010-11-07 01:50:09 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\TeamViewer
[2011-01-26 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\TightVNC
[2011-01-09 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Tropico3
[2010-10-18 21:05:36 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\TS3Client
[2011-04-02 20:53:26 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Tunngle
[2011-04-11 02:12:37 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\uTorrent
[2010-10-19 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\W
[2010-12-27 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\wargaming.net
[2011-04-21 02:25:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\X-Chat 2
[2011-03-22 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\XnView
[2011-04-24 22:07:10 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C

< End of report >


Code:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-25 03:01:36
Windows 6.1.7600  Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD103SJ rev.1AJ10001
Running: f1etrxy0.exe; Driver: C:\Users\Filas\AppData\Local\Temp\kwtdypow.sys


---- System - GMER 1.0.15 ----

INT 0x62        ?                                                                                                                                            C45B17D8
INT 0x71        ?                                                                                                                                            C3B132D8
INT 0x72        ?                                                                                                                                            C3B13058
INT 0x81        ?                                                                                                                                            C3B137D8
INT 0x82        ?                                                                                                                                            C45B1CD8
INT 0x91        ?                                                                                                                                            C3B13558
INT 0x92        ?                                                                                                                                            C47FBA58
INT 0xA1        ?                                                                                                                                            C45B1558
INT 0xB0        ?                                                                                                                                            C47FB2D8
INT 0xB1        ?                                                                                                                                            C3B13CD8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrlStaforce.exe!ZwSaveKeyEx + 13DD                                                                                                         E2E5A609 1 Byte  [06]
.text           ntkrlStaforce.exe!KiDispatchInterrupt + 5A2                                                                                                  E2E7F052 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                     section is writeable [0xD3807000, 0x388539, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Tunngle\TnglCtrl.exe[120] ntdll.dll!DbgBreakPoint                                                                           77CA3370 1 Byte  [90]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[2564] kernel32.dll!GetTempFileNameW                                        765991F5 5 Bytes  JMP 10002040 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[2564] kernel32.dll!CreateFileW                                             765B0B7D 5 Bytes  JMP 10001D10 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] kernel32.dll!CreateProcessA                                                                           76562062 5 Bytes  JMP 05E537AC C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] kernel32.dll!CreateThread                                                                             765B281D 5 Bytes  JMP 05E53150 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] GDI32.dll!BitBlt                                                                                      763A7180 5 Bytes  JMP 05E52BC8 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!InvalidateRgn                                                                              77A08099 5 Bytes  JMP 05E52DAE C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!CreateDialogParamW                                                                         77A09BFF 5 Bytes  JMP 05E5329B C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!GetCursorPos                                                                               77A0C198 5 Bytes  JMP 05E52EE4 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!SetFocus                                                                                   77A0CBA9 5 Bytes  JMP 05E52C78 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!SetForegroundWindow                                                                        77A0D3AE 5 Bytes  JMP 05E533E9 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!RegisterClassA                                                                             77A0E225 5 Bytes  JMP 05E530B8 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!CreateWindowExW                                                                            77A10E51 5 Bytes  JMP 05E53481 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!SetWindowPos                                                                               77A13581 5 Bytes  JMP 05E5333F C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!RedrawWindow                                                                               77A152A2 5 Bytes  JMP 05E53017 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!IsWindowVisible                                                                            77A16939 7 Bytes  JMP 05E5353A C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!GetDC                                                                                      77A17041 5 Bytes  JMP 05E52A99 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!ReleaseDC                                                                                  77A17055 5 Bytes  JMP 05E52B2D C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!BeginPaint                                                                                 77A17B87 5 Bytes  JMP 05E52A05 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!InvalidateRect                                                                             77A17BC9 5 Bytes  JMP 05E52D10 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!TrackPopupMenu                                                                             77A34B3B 5 Bytes  JMP 05E53702 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!DialogBoxParamW                                                                            77A3564A 5 Bytes  JMP 05E531F7 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!SetCapture                                                                                 77A36B2A 5 Bytes  JMP 05E52E4C C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Xfire\Xfire.exe[3000] USER32.dll!WindowFromPoint                                                                            77A36D0C 5 Bytes  JMP 05E52F7C C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[3440] kernel32.dll!SetUnhandledExceptionFilter                                         765B3162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4068] kernel32.dll!GetTempFileNameW                                        765991F5 5 Bytes  JMP 10002040 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4068] kernel32.dll!CreateFileW                                             765B0B7D 5 Bytes  JMP 10001D10 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtCreateFile + 6                                           77CB4876 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtCreateFile + B                                           77CB487B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 1 Byte  [28]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + B                                     77CB4EDB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenFile + 6                                             77CB4F86 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenFile + B                                             77CB4F8B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcess + 6                                          77CB5036 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcess + B                                          77CB503B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessToken + B                                     77CB504B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessTokenEx + 6                                   77CB5056 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessTokenEx + B                                   77CB505B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThread + 6                                           77CB50B6 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThread + B                                           77CB50BB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadToken + 6                                      77CB50C6 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadToken + B                                      77CB50CB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadTokenEx + B                                    77CB50DB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryAttributesFile + 6                                  77CB51E6 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryAttributesFile + B                                  77CB51EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryFullAttributesFile + B                              77CB529B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationFile + 6                                   77CB58E6 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationFile + B                                   77CB58EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationThread + 6                                 77CB5946 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationThread + B                                 77CB594B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 1 Byte  [68]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + B                                   77CB5C6B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] kernel32.dll!GetTempFileNameW                                        765991F5 5 Bytes  JMP 10002040 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[4364] kernel32.dll!CreateFileW                                             765B0B7D 5 Bytes  JMP 10001D10 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!sendto                                                              762B3AED 5 Bytes  JMP 021CB21B C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!WSARecvFrom                                                         762B418D 5 Bytes  JMP 021CB36C C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!recv                                                                762B47DF 5 Bytes  JMP 021CB03D C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!WSASend                                                             762B68A7 5 Bytes  JMP 021CB41C C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!recvfrom                                                            762BBF39 5 Bytes  JMP 021CB0D7 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!WSARecv                                                             762BC29F 5 Bytes  JMP 021CB2C2 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!send                                                                762BC4C8 5 Bytes  JMP 021CB17A C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe[4764] WS2_32.dll!WSASendTo                                                           762CADC4 5 Bytes  JMP 021CB4C6 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtCreateFile + 6                                           77CB4876 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtCreateFile + B                                           77CB487B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 1 Byte  [28]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtMapViewOfSection + B                                     77CB4EDB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenFile + 6                                             77CB4F86 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenFile + B                                             77CB4F8B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenProcess + 6                                          77CB5036 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenProcess + B                                          77CB503B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenProcessToken + B                                     77CB504B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenProcessTokenEx + 6                                   77CB5056 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenProcessTokenEx + B                                   77CB505B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenThread + 6                                           77CB50B6 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenThread + B                                           77CB50BB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenThreadToken + 6                                      77CB50C6 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenThreadToken + B                                      77CB50CB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtOpenThreadTokenEx + B                                    77CB50DB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtQueryAttributesFile + 6                                  77CB51E6 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtQueryAttributesFile + B                                  77CB51EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtQueryFullAttributesFile + B                              77CB529B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtSetInformationFile + 6                                   77CB58E6 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtSetInformationFile + B                                   77CB58EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtSetInformationThread + 6                                 77CB5946 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtSetInformationThread + B                                 77CB594B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 1 Byte  [68]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5224] ntdll.dll!NtUnmapViewOfSection + B                                   77CB5C6B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5568] kernel32.dll!GetTempFileNameW                                        765991F5 5 Bytes  JMP 00402040 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5568] kernel32.dll!CreateFileW                                             765B0B7D 5 Bytes  JMP 00401D10 C:\Users\Filas\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + 6                                           77CB4876 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + B                                           77CB487B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 1 Byte  [28]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + B                                     77CB4EDB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + 6                                             77CB4F86 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + B                                             77CB4F8B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + 6                                          77CB5036 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + B                                          77CB503B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessToken + B                                     77CB504B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + 6                                   77CB5056 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + B                                   77CB505B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + 6                                           77CB50B6 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + B                                           77CB50BB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + 6                                      77CB50C6 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + B                                      77CB50CB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadTokenEx + B                                    77CB50DB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + 6                                  77CB51E6 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + B                                  77CB51EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryFullAttributesFile + B                              77CB529B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + 6                                   77CB58E6 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + B                                   77CB58EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + 6                                 77CB5946 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + B                                 77CB594B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 1 Byte  [68]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + B                                   77CB5C6B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + 6                                           77CB4876 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + B                                           77CB487B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 1 Byte  [28]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + B                                     77CB4EDB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + 6                                             77CB4F86 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + B                                             77CB4F8B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + 6                                          77CB5036 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + B                                          77CB503B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessToken + B                                     77CB504B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + 6                                   77CB5056 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + B                                   77CB505B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + 6                                           77CB50B6 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + B                                           77CB50BB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + 6                                      77CB50C6 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + B                                      77CB50CB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadTokenEx + B                                    77CB50DB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + 6                                  77CB51E6 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + B                                  77CB51EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryFullAttributesFile + B                              77CB529B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + 6                                   77CB58E6 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + B                                   77CB58EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + 6                                 77CB5946 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + B                                 77CB594B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 1 Byte  [68]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + B                                   77CB5C6B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + 6                                           77CB4876 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + B                                           77CB487B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 1 Byte  [28]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + 6                                     77CB4ED6 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + B                                     77CB4EDB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + 6                                             77CB4F86 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + B                                             77CB4F8B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + 6                                          77CB5036 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + B                                          77CB503B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessToken + B                                     77CB504B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + 6                                   77CB5056 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + B                                   77CB505B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + 6                                           77CB50B6 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + B                                           77CB50BB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + 6                                      77CB50C6 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + B                                      77CB50CB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadTokenEx + B                                    77CB50DB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + 6                                  77CB51E6 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + B                                  77CB51EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryFullAttributesFile + B                              77CB529B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + 6                                   77CB58E6 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + B                                   77CB58EB 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + 6                                 77CB5946 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + B                                 77CB594B 1 Byte  [E2]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 1 Byte  [68]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + 6                                   77CB5C66 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Filas\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + B                                   77CB5C6B 1 Byte  [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\rundll32.exe[5200] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                        [75D15E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[5200] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                         [75D15E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[5200] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                       [75D15E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[5200] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                       [75D15E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[5200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                      [75D15E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[5200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                       [75D15E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume12                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume13                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume14                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000068                                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{31ED7FFD-A418-4AD1-B8A2-928DC260E013}\Connection@Name  isatap.{33B7B377-6D6F-4EBE-95D4-EEFC5003750D}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind     \Device\{1098AFAB-CBCC-467A-BEBB-3708CD29F335}?\Device\{2E3012E3-CB41-4602-96A1-F58D41A44993}?\Device\{70AA06BA-5039-48E1-A9A4-6D326F199D18}?\Device\{31ED7FFD-A418-4AD1-B8A2-928DC260E013}?\Device\{527C9112-17C5-4D50-A848-C1C60BEF5B57}?\Device\{BCB8CB26-EBAE-49AE-A132-2B0C6488E13F}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route    "{1098AFAB-CBCC-467A-BEBB-3708CD29F335}"?"{2E3012E3-CB41-4602-96A1-F58D41A44993}"?"{70AA06BA-5039-48E1-A9A4-6D326F199D18}"?"{31ED7FFD-A418-4AD1-B8A2-928DC260E013}"?"{527C9112-17C5-4D50-A848-C1C60BEF5B57}"?"{BCB8CB26-EBAE-49AE-A132-2B0C6488E13F}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export   \Device\TCPIP6TUNNEL_{1098AFAB-CBCC-467A-BEBB-3708CD29F335}?\Device\TCPIP6TUNNEL_{2E3012E3-CB41-4602-96A1-F58D41A44993}?\Device\TCPIP6TUNNEL_{70AA06BA-5039-48E1-A9A4-6D326F199D18}?\Device\TCPIP6TUNNEL_{31ED7FFD-A418-4AD1-B8A2-928DC260E013}?\Device\TCPIP6TUNNEL_{527C9112-17C5-4D50-A848-C1C60BEF5B57}?\Device\TCPIP6TUNNEL_{BCB8CB26-EBAE-49AE-A132-2B0C6488E13F}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{31ED7FFD-A418-4AD1-B8A2-928DC260E013}@InterfaceName                       isatap.{33B7B377-6D6F-4EBE-95D4-EEFC5003750D}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{31ED7FFD-A418-4AD1-B8A2-928DC260E013}@ReusableType                        0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                          C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                          1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                       0xC3 0x8C 0x42 0xBD ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                 0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0x63 0x80 0xB4 0x75 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                              C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                              1
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                           0xC3 0x8C 0x42 0xBD ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                               
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                     0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                              0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0x63 0x80 0xB4 0x75 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{5EC11E48-FAE7-11DF-8F0C-806E6F6E6963}                       21997986728
Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                                                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                                                           0xAE 0x00 0xED 0x1E ...

---- Files - GMER 1.0.15 ----

File            C:\Program Files\Trend Micro                                                                                                                 0 bytes
File            C:\Program Files\Trend Micro\HiJackThis                                                                                                      0 bytes
File            C:\Program Files\Trend Micro\HiJackThis\backups                                                                                              0 bytes
File            C:\Program Files\Trend Micro\HiJackThis\backups\backup-20110424-225554-619                                                                   84 bytes
File            C:\Program Files\Trend Micro\HiJackThis\backups\backup-20110424-225554-829                                                                   95 bytes
File            C:\Program Files\Trend Micro\HiJackThis\backups\backup-20110424-225554-839                                                                   136 bytes
File            C:\Program Files\Trend Micro\HiJackThis\backups\backup-20110424-225554-922                                                                   89 bytes
File            C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe                                                                                       388096 bytes executable
File            C:\Users\Filas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C61QRLKH\adserver[2].htm                                 0 bytes

---- EOF - GMER 1.0.15 ----

Post by wojtas, 25 Apr 2011, 11:03

Did you uninstall emulation programs, e.g. Alcohol, before using GMER?

Do you know these applications?
C:\Program Files\puush\
C:\Program Files\Mumble


Uninstall this junk: Veoh Web Player Toolbar

Run OTL and paste the following into the Custom Scans/Fixes section:
:OTL
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HKLM] C:\Windows\windows32\svchost.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [HKCU] C:\Windows\windows32\svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\windows32\svchost.exe ()
O7 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\windows32\svchost.exe ()
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C

:Commands
[emptytemp]
[emptyflash]



Click Run Fix and confirm the computer restart.

Then run OTL with the Scan option. Post the new OTL.txt log and the cleanup report (the contents of the Notepad window that opens after the restart).
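
The Run and policies\Explorer\Run entries in the script above launch svchost.exe from C:\Windows\windows32, whereas the Windows svchost.exe lives in System32. The following is an added example, not part of the original post and not OTL's own code, that flags this kind of name/path mismatch in OTL-style autorun lines; the function names, the list of system process names and the last sample line are assumptions made for illustration.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

Autorun = namedtuple("Autorun", "section key value_name path")

# OTL autorun line: "<section> - <key ending in \Run>: [name] target"
# or, for policy keys, "<section> - <key ending in \Run>: name = target".
RUN_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<key>.+?\\Run): "
    r"(?:\[(?P<bracket>[^\]]*)\]|(?P<named>[^=]+?) =) (?P<target>.+)$"
)
TRAILING_VENDOR = re.compile(r"\s*\([^()]*\)\s*$")  # "(Conduit Ltd.)" or "()"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_autoruns(lines):
    """Return one Autorun per Run-key line; path is None for 'File not found'."""
    entries = []
    for raw in lines:
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue  # BHO, toolbar, ADS and other non-Run lines
        name = m.group("bracket")
        if name is None:
            name = m.group("named")
        target = TRAILING_VENDOR.sub("", m.group("target"))
        if not DRIVE_PATH.match(target):
            target = None
        entries.append(Autorun(m.group("section"), m.group("key"), name, target))
    return entries


def expected_locations(system_root):
    """Assumed map of core Windows process names to the folders they ship in."""
    root = system_root.rstrip("\\").lower()
    system_dirs = {root + r"\system32", root + r"\syswow64"}
    names = ("svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
             "winlogon.exe", "smss.exe", "taskhost.exe")
    expected = {n: system_dirs for n in names}
    expected["explorer.exe"] = {root, root + r"\syswow64"}
    return expected


def find_masquerades(lines, system_root=r"C:\Windows"):
    """Autoruns whose file name is a system process but whose folder is not."""
    expected = expected_locations(system_root)
    hits = []
    for entry in parse_autoruns(lines):
        if entry.path is None:
            continue
        p = PureWindowsPath(entry.path)
        allowed = expected.get(p.name.lower())
        if allowed is not None and str(p.parent).lower() not in allowed:
            hits.append(entry)
    return hits


# Lines copied from the fix script in this thread; the last one is a
# constructed control entry that should NOT be flagged.
SAMPLE = r"""
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HKLM] C:\Windows\windows32\svchost.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [HKCU] C:\Windows\windows32\svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\windows32\svchost.exe ()
O7 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\windows32\svchost.exe ()
O4 - HKLM..\Run: [ConstructedControl] C:\Windows\System32\svchost.exe (Microsoft Corporation)
""".strip().splitlines()

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE):
        print(f"{hit.section} {hit.key} [{hit.value_name}] -> {hit.path}")
```

A path mismatch is a triage signal only; the file's signature and hash still need checking before anything is removed.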

Post by Filas, 25 Apr 2011, 19:05

I use Puush and Mumble. I uninstalled DT, and probably Alcohol as well. At least I can't uninstall it, so it's most likely not there.
I didn't get a cleanup report.
Code: Select all
OTL logfile created on: 2011-04-25 19:00:30 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Filas\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 79,65 Gb Free Space | 54,41% Space Free | Partition Type: NTFS
Drive D: | 244,10 Gb Total Space | 103,35 Gb Free Space | 42,34% Space Free | Partition Type: NTFS
Drive E: | 150,26 Gb Total Space | 90,41 Gb Free Space | 60,17% Space Free | Partition Type: NTFS
Drive F: | 72,70 Gb Total Space | 59,69 Gb Free Space | 82,11% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 3,71 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive H: | 59,57 Gb Total Space | 6,21 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive I: | 97,65 Gb Total Space | 10,18 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive J: | 100,61 Gb Total Space | 6,34 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
Drive K: | 86,40 Gb Total Space | 21,45 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive N: | 146,48 Gb Total Space | 53,29 Gb Free Space | 36,38% Space Free | Partition Type: NTFS

Computer Name: FILASPC | User Name: Filas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-04-24 22:13:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Filas\Downloads\OTL.exe
PRC - [2011-04-08 13:28:52 | 003,510,160 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2011-04-07 12:34:04 | 008,882,688 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2011-04-05 16:40:44 | 000,517,864 | ---- | M] () -- C:\Program Files\puush\puush.exe
PRC - [2011-03-17 17:03:51 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011-03-10 18:02:18 | 001,242,448 | ---- | M] (Valve Corporation) -- N:\Steam\Steam.exe
PRC - [2011-03-09 06:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011-03-09 06:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011-03-09 01:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011-01-14 16:55:56 | 002,250,616 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011-01-11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-11-20 20:56:23 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2010-11-04 23:09:22 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010-10-19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-10-01 22:41:10 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010-07-06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010-06-17 06:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010-04-13 17:33:04 | 000,238,592 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2009-11-10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2009-11-04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009-10-09 16:32:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008-04-04 12:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008-03-09 14:54:58 | 000,074,480 | ---- | M] ( Systweak Inc) -- C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe
PRC - [2007-08-16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
PRC - [2007-06-05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe
PRC - [2006-11-21 04:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-04-24 22:13:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Filas\Downloads\OTL.exe
MOD - [2011-04-08 13:28:58 | 000,974,736 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_44183.dll
MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-04-24 22:58:52 | 003,229,784 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011-03-09 06:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011-03-09 01:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011-01-14 16:55:56 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010-10-26 17:05:24 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010-10-19 18:37:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-10-19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010-10-18 20:33:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-07-01 05:45:02 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010-06-17 06:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-10-16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 03:14:42 | 000,071,680 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\tlntsvr.exe -- (TlntSvr)
SRV - [2009-05-14 02:22:32 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ICW\bin\cygrunsrv.exe -- (OpenSSHServer)
SRV - [2008-03-09 14:54:58 | 000,187,120 | ---- | M] (Systweak Inc) [Auto | Stopped] -- C:\Program Files\Systweak\Systweak CacheBoost\cbSrv.exe -- (CacheBoost Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-03-09 11:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011-03-09 06:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011-01-14 12:43:26 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2011-01-14 12:43:13 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011-01-14 12:43:13 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010-12-18 23:47:18 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010-11-17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010-10-21 15:11:02 | 000,081,680 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010-09-02 18:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010-08-30 15:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2010-08-30 15:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2010-08-25 20:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\prwntdrv.sys -- (prwntdrv)
DRV - [2010-08-16 16:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010-08-16 16:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010-07-16 02:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010-07-15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010-07-15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010-07-09 14:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010-07-01 05:38:04 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys -- (AODDriver2)
DRV - [2010-06-09 18:05:38 | 000,039,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nm3.sys -- (nm3)
DRV - [2010-02-18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009-12-21 22:50:16 | 000,005,760 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vHidDev.sys -- (vHidDev)
DRV - [2009-09-30 13:43:02 | 000,016,640 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2009-09-28 19:20:40 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009-07-16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009-05-05 06:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009-02-12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2009-02-03 17:39:23 | 000,063,096 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008-01-24 16:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008-01-24 16:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008-01-24 16:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2008-01-24 16:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008-01-24 16:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007-02-08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2007-02-05 09:10:34 | 001,122,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2006-09-24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006-07-10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003-10-15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
DRV - [2002-09-16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gazeta.pl/0,0.html?p=109


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=109
IE - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=109"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-01-17 16:20:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-13 21:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-13 21:10:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-22 15:30:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-22 15:30:31 | 000,000,000 | ---D | M]

[2011-03-20 17:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filas\AppData\Roaming\mozilla\Extensions
[2011-03-20 17:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filas\AppData\Roaming\mozilla\Firefox\Profiles\e6zrjvwg.default\extensions
[2011-03-28 21:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-03-28 21:11:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-13 21:10:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011-02-13 21:10:10 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011-01-17 16:20:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011-03-28 21:11:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-03 18:38:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-03-03 18:38:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-03-03 18:38:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-03-03 18:38:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-03-03 18:38:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-03-03 18:38:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-01-08 23:24:30 | 000,001,685 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1            activate-sea.adobe.com
O1 - Hosts: 127.0.0.1            wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1            activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                       
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                   
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 sureserver.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Filas\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (no name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found.
O4 - HKLM..\Run: [CacheBoost] C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe ( Systweak Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [puush] C:\Program Files\puush\puush.exe ()
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [Steam] N:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_7d512c02e72ebd25] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cl_87324.inf_x86_neutral_b52c10eae430a1c8] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cw104557.inf_x86_neutral_3be31395a47f6113] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cw106232.inf_x86_neutral_6cf75ba43cfe598c] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\winsxs\x86_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_4b74e6cccd67ae70] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [C:\Windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_a574bbd4a69c292d] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Filas\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.238.44.4 83.238.44.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-09-13 12:13:04 | 000,000,000 | ---D | M] - K:\autorun -- [ NTFS ]
O33 - MountPoints2\{1df6f5c2-418e-11e0-bea3-485b3933ad11}\Shell - "" = AutoRun
O33 - MountPoints2\{1df6f5c2-418e-11e0-bea3-485b3933ad11}\Shell\AutoRun\command - "" = O:\Autorun.exe
O33 - MountPoints2\{e12054a4-1f28-11e0-958e-485b3933ad11}\Shell - "" = AutoRun
O33 - MountPoints2\{e12054a4-1f28-11e0-958e-485b3933ad11}\Shell\AutoRun\command - "" = O:\Startme.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-04-25 18:55:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-24 23:08:12 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011-04-24 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011-04-24 22:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-04-24 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011-04-24 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\NET
[2011-04-24 21:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klawiatura
[2011-04-24 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Malwarebytes
[2011-04-24 21:39:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-04-24 21:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-04-24 21:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-04-24 21:39:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-04-24 21:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-04-23 16:50:55 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Local\Zachtronics Industries
[2011-04-23 16:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zachtronics Industries
[2011-04-22 18:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackMania Sunrise
[2011-04-22 15:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011-04-22 15:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-04-22 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011-04-22 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-04-22 15:30:00 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Local\Apple
[2011-04-22 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-04-22 15:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011-04-21 14:13:24 | 000,022,016 | ---- | C] (Free Software Foundation) -- C:\msgunfmt.exe
[2011-04-21 14:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit
[2011-04-21 14:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Poedit
[2011-04-21 02:23:59 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Local\AMD
[2011-04-21 02:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-04-21 02:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011-04-21 02:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-04-20 17:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phun
[2011-04-20 17:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Algodoo Phun Edition
[2011-04-14 19:12:10 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\runic games
[2011-04-14 12:48:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-04-14 12:48:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-04-14 12:48:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011-04-14 12:48:24 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011-04-14 12:48:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011-04-14 12:48:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-04-14 12:48:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011-04-14 12:48:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-04-14 12:48:21 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-04-14 12:48:21 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-04-14 12:48:21 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-04-14 12:48:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-04-14 12:48:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-04-14 12:48:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-04-14 12:48:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-04-14 12:48:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-04-14 12:48:16 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-04-14 12:48:15 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011-04-14 12:48:14 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011-04-14 12:48:14 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011-04-13 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monte Cristo
[2011-04-13 20:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Monte Cristo
[2011-04-13 20:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2011-04-13 20:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2011-04-10 22:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2011-04-05 19:29:32 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\puush
[2011-04-05 19:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[2011-04-05 19:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\puush
[2011-04-05 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Mumble
[2011-04-05 11:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011-04-05 11:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2011-04-03 21:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011-04-03 21:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011-04-02 21:45:42 | 000,000,000 | ---D | C] -- C:\Windows\windows32
[2011-04-02 16:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimnazjum 2011
[2011-04-02 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Gimnazjum 2011
[2011-04-01 20:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011-04-01 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011-04-01 19:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2011-04-01 18:51:10 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2011-04-01 18:51:10 | 000,000,000 | ---D | C] -- C:\Nexon
[2011-03-28 22:18:09 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\mkvtoolnix
[2011-03-28 22:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVtoolnix
[2011-03-28 22:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2011-03-28 22:05:35 | 000,000,000 | ---D | C] -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
[2011-03-28 22:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2011-03-28 22:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2011-03-28 21:11:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-03-28 21:11:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-03-28 21:11:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-03-26 21:39:11 | 000,000,000 | ---D | C] -- C:\Games
[2011-01-17 16:17:53 | 000,312,593 | ---- | C] (Collabo Interactive Solutions) -- C:\Program Files\RMPly00.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-04-25 18:57:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-04-25 18:56:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-25 18:56:51 | 3219,738,624 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-25 18:55:50 | 006,029,312 | -HS- | M] () -- C:\Users\Filas\NTUSER.DAT
[2011-04-25 18:22:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-338048016-1798996921-2506611867-1000UA.job
[2011-04-25 18:00:15 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011-04-25 17:59:08 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-25 17:59:08 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-25 17:53:45 | 011,334,938 | -H-- | M] () -- C:\Users\Filas\AppData\Roaming\Filaslog.dat
[2011-04-25 17:50:04 | 431,862,849 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-04-25 15:14:22 | 000,000,776 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2011-04-25 03:57:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011-04-25 03:56:58 | 004,554,703 | -H-- | M] () -- C:\Users\Filas\AppData\Local\IconCache.db
[2011-04-25 02:18:10 | 000,007,602 | ---- | M] () -- C:\Users\Filas\AppData\Local\resmon.resmoncfg
[2011-04-24 23:08:12 | 000,000,673 | ---- | M] () -- C:\Users\Filas\Desktop\Metal Assault.lnk
[2011-04-24 22:54:35 | 000,002,963 | ---- | M] () -- C:\Users\Filas\Desktop\HiJackThis.lnk
[2011-04-24 21:39:51 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-24 20:22:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-338048016-1798996921-2506611867-1000Core.job
[2011-04-23 16:50:28 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\SpaceChem.lnk
[2011-04-22 19:02:38 | 000,003,821 | ---- | M] () -- C:\Windows\System32\secushr.dat
[2011-04-22 18:56:59 | 000,000,713 | ---- | M] () -- C:\Users\Filas\Desktop\TmSunrise.lnk
[2011-04-22 15:30:25 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-04-21 14:15:45 | 000,014,296 | ---- | M] () -- C:\settings.po
[2011-04-21 14:15:27 | 000,014,296 | ---- | M] () -- C:\Users\Filas\settings.po
[2011-04-20 15:22:46 | 000,002,396 | ---- | M] () -- C:\Users\Filas\Desktop\Google Chrome.lnk
[2011-04-18 15:07:12 | 001,632,052 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-04-18 15:07:12 | 000,727,238 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-04-18 15:07:12 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-18 15:07:12 | 000,149,336 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-04-18 15:07:12 | 000,116,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-16 03:16:48 | 002,212,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-04-15 15:13:06 | 000,140,248 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-04-15 15:12:42 | 000,266,400 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011-04-15 15:11:27 | 000,268,560 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011-04-14 20:00:10 | 000,014,345 | ---- | M] () -- C:\settings.mo
[2011-04-12 14:51:27 | 000,089,406 | ---- | M] () -- C:\Users\Filas\Desktop\Minecraft.jar
[2011-04-12 14:51:27 | 000,073,646 | ---- | M] () -- C:\Users\Filas\Desktop\Minecraft_modified.jar
[2011-04-12 13:46:03 | 000,020,979 | ---- | M] () -- C:\Users\Filas\Desktop\Mineshafter-proxy.jar
[2011-04-10 22:19:12 | 000,000,626 | ---- | M] () -- C:\Users\Filas\Desktop\World of Tanks RU.lnk
[2011-04-08 13:28:58 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2011-04-07 11:09:03 | 000,001,053 | ---- | M] () -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011-04-05 11:48:59 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011-04-05 09:41:47 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011-04-03 21:23:25 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-04-02 16:03:18 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Gimnazjum 2011.lnk
[2011-04-01 19:39:27 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2011-04-01 18:51:10 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2011-04-01 18:51:10 | 000,000,235 | ---- | M] () -- C:\Windows\System32\nxEuUninstall.bat
[2011-03-28 22:17:54 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2011-03-28 21:11:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011-03-28 21:11:38 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-03-28 21:11:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-03-28 21:11:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-03-27 19:58:47 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\hamachi.lnk
[2011-03-27 12:59:39 | 000,000,465 | ---- | M] () -- C:\Windows\System32\test
[2011-03-27 12:56:51 | 000,064,248 | ---- | M] () -- C:\Users\Filas\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-03-26 21:39:17 | 000,000,780 | ---- | M] () -- C:\Users\Filas\Desktop\Toribash.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-04-24 23:08:12 | 000,000,673 | ---- | C] () -- C:\Users\Filas\Desktop\Metal Assault.lnk
[2011-04-24 22:54:35 | 000,002,963 | ---- | C] () -- C:\Users\Filas\Desktop\HiJackThis.lnk
[2011-04-24 21:39:51 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-23 16:50:28 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\SpaceChem.lnk
[2011-04-22 18:56:59 | 000,000,713 | ---- | C] () -- C:\Users\Filas\Desktop\TmSunrise.lnk
[2011-04-22 15:30:25 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-04-22 15:29:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011-04-21 14:15:45 | 000,014,296 | ---- | C] () -- C:\settings.po
[2011-04-21 14:14:40 | 000,014,296 | ---- | C] () -- C:\Users\Filas\settings.po
[2011-04-21 14:13:08 | 000,014,345 | ---- | C] () -- C:\settings.mo
[2011-04-12 14:51:27 | 000,073,646 | ---- | C] () -- C:\Users\Filas\Desktop\Minecraft_modified.jar
[2011-04-12 14:51:26 | 000,089,406 | ---- | C] () -- C:\Users\Filas\Desktop\Minecraft.jar
[2011-04-12 13:46:03 | 000,020,979 | ---- | C] () -- C:\Users\Filas\Desktop\Mineshafter-proxy.jar
[2011-04-10 22:19:12 | 000,000,626 | ---- | C] () -- C:\Users\Filas\Desktop\World of Tanks RU.lnk
[2011-04-08 13:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011-04-07 11:09:03 | 000,001,053 | ---- | C] () -- C:\Users\Filas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011-04-05 11:48:59 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011-04-03 21:23:25 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-04-02 16:03:18 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Gimnazjum 2011.lnk
[2011-04-01 19:39:27 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2011-04-01 18:51:10 | 000,000,235 | ---- | C] () -- C:\Windows\System32\nxEuUninstall.bat
[2011-03-28 22:17:54 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2011-03-27 19:58:47 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\hamachi.lnk
[2011-03-26 21:39:17 | 000,000,780 | ---- | C] () -- C:\Users\Filas\Desktop\Toribash.lnk
[2011-03-21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011-03-20 17:07:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-16 20:20:45 | 000,003,821 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011-03-16 19:59:17 | 000,284,672 | ---- | C] () -- C:\Windows\rapidui.exe
[2011-03-16 19:54:20 | 000,000,776 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011-03-16 19:53:32 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011-02-22 20:03:49 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2011-02-22 20:03:49 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2011-02-22 20:03:49 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2011-02-02 00:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-01-26 18:09:03 | 000,000,600 | ---- | C] () -- C:\Users\Filas\AppData\Roaming\winscp.rnd
[2011-01-26 15:28:59 | 000,000,600 | ---- | C] () -- C:\Users\Filas\AppData\Local\PUTTY.RND
[2011-01-24 16:50:00 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011-01-24 16:50:00 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011-01-24 16:50:00 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011-01-21 20:33:31 | 000,138,056 | ---- | C] () -- C:\Users\Filas\AppData\Roaming\PnkBstrK.sys
[2011-01-21 20:33:06 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011-01-18 04:04:55 | 004,554,703 | -H-- | C] () -- C:\Users\Filas\AppData\Local\IconCache.db
[2011-01-17 16:20:02 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011-01-13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-01-08 23:33:06 | 000,000,006 | ---- | C] () -- C:\Windows\System32\tna4D28D812.sys
[2010-12-21 20:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-12-18 23:56:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010-11-29 13:28:25 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010-11-29 13:28:25 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010-11-29 13:28:25 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010-11-29 13:28:25 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010-11-29 13:28:25 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010-11-27 20:25:31 | 000,098,696 | ---- | C] () -- C:\Windows\System32\setupprwdrv03.exe
[2010-11-27 20:25:31 | 000,013,704 | ---- | C] () -- C:\Windows\System32\prwntdrv.sys
[2010-10-29 22:39:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-10-26 20:51:45 | 000,007,602 | ---- | C] () -- C:\Users\Filas\AppData\Local\resmon.resmoncfg
[2010-10-21 18:43:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010-10-21 18:43:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010-10-21 18:43:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010-10-21 18:43:11 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010-10-21 18:43:11 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010-10-21 18:43:11 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010-10-20 19:23:19 | 000,140,248 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-10-20 19:23:11 | 000,266,400 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-10-20 19:22:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-10-18 20:17:34 | 000,064,248 | ---- | C] () -- C:\Users\Filas\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-10-18 20:14:07 | 001,632,052 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-10-18 20:11:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-10-18 20:11:50 | 000,028,289 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010-07-16 02:45:44 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009-12-03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009-07-16 05:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009-07-14 10:07:57 | 000,727,238 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2009-07-14 10:07:57 | 000,149,336 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 06:33:53 | 002,212,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 04:05:48 | 000,642,020 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,116,546 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009-07-14 04:04:23 | 000,000,538 | ---- | C] () -- C:\Windows\win.ini
[2009-07-14 04:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:29 | 000,071,680 | ---- | C] () -- C:\Windows\System32\tlntsvr.exe
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-13 23:41:56 | 000,053,552 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009-07-13 23:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-04-02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009-02-19 05:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2008-12-01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2005-04-08 04:16:43 | 011,334,938 | -H-- | C] () -- C:\Users\Filas\AppData\Roaming\Filaslog.dat
[2002-10-16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2011-04-20 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\.minecraft
[2011-03-04 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\avidemux
[2011-03-05 01:12:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Azureus
[2011-04-25 15:14:22 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\BITS
[2011-02-16 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Braid
[2010-12-29 16:54:01 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Chime
[2010-10-22 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\DAEMON Tools Lite
[2011-01-24 04:06:48 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Datarescue
[2011-04-25 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\DNA
[2011-04-05 19:29:26 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Downloaded Installations
[2011-01-11 13:17:02 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\EurekaLog
[2011-04-05 19:27:48 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FileZilla
[2011-03-16 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FireFTP
[2011-03-16 19:53:20 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FlashGet
[2011-03-16 19:53:19 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\FlashGetBHO
[2010-10-19 15:00:30 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\fofix
[2011-04-25 17:47:39 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\foobar2000
[2010-11-12 02:20:04 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Foxit Software
[2010-10-22 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\GameRanger
[2011-01-15 18:49:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Golly
[2011-02-21 11:52:25 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\gtk-2.0
[2011-01-24 04:06:55 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Hex-Rays
[2011-04-22 12:02:08 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\HLSW
[2010-11-07 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\JAM Software
[2010-10-22 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Leadertech
[2011-03-28 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\mkvtoolnix
[2010-10-22 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\MotioninJoy
[2011-04-06 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Mumble
[2011-03-17 20:07:07 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\MusicBrainz
[2010-12-16 12:44:58 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Notepad++
[2010-12-30 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Onlink
[2011-02-20 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Opera
[2011-04-05 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\puush
[2011-04-07 11:07:54 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Raptr
[2011-02-18 15:36:47 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Razer
[2011-04-14 19:12:10 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\runic games
[2010-10-28 15:30:44 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Subversion
[2010-12-19 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Systweak
[2010-11-07 01:50:09 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\TeamViewer
[2011-01-26 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\TightVNC
[2011-01-09 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Tropico3
[2010-10-18 21:05:36 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\TS3Client
[2011-04-02 20:53:26 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\Tunngle
[2011-04-25 15:13:41 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\uTorrent
[2010-10-19 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\W
[2010-12-27 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\wargaming.net
[2011-04-21 02:25:11 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\X-Chat 2
[2011-03-22 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Filas\AppData\Roaming\XnView
[2011-04-24 22:07:10 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C

< End of report >

Code:
OTL Extras logfile created on: 2011-04-25 19:00:32 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Filas\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 79,65 Gb Free Space | 54,41% Space Free | Partition Type: NTFS
Drive D: | 244,10 Gb Total Space | 103,35 Gb Free Space | 42,34% Space Free | Partition Type: NTFS
Drive E: | 150,26 Gb Total Space | 90,41 Gb Free Space | 60,17% Space Free | Partition Type: NTFS
Drive F: | 72,70 Gb Total Space | 59,69 Gb Free Space | 82,11% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 3,71 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive H: | 59,57 Gb Total Space | 6,21 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive I: | 97,65 Gb Total Space | 10,18 Gb Free Space | 10,43% Space Free | Partition Type: NTFS
Drive J: | 100,61 Gb Total Space | 6,34 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
Drive K: | 86,40 Gb Total Space | 21,45 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive N: | 146,48 Gb Total Space | 53,29 Gb Free Space | 36,38% Space Free | Partition Type: NTFS

Computer Name: FILASPC | User Name: Filas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.ini [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1"
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Gry\CAEU\Combat Arms EU\CombatArms.exe" = D:\Gry\CAEU\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"D:\Gry\CAEU\Combat Arms EU\Engine.exe" = D:\Gry\CAEU\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 Na studiach
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
"{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1" = GT Legends 1.0.0.0
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Rezydencje i ogrody Akcesoria
"{1E5FF5FF-EE4B-4CDE-94F5-F211C9F6D7C2}_is1" = Tomb Raider Legenda wersja 1.2
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{2680FAEF-9E7A-4BC1-9A7E-0E9E72FDC4BB}" = X GXT Editor V.2.1 final
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC520D6-717D-4315-BDBD-6B1A57CC8532}" = Advanced Net Tools (ANT)
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BF68F4-D0C5-462E-B8A0-87B030458D71}" = Dark Messiah of Might and Magic
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™  2 Zwierzaki
"{4B52E7BC-28A6-F68C-A12F-BC7581BE344C}" = ATI Catalyst Install Manager
"{4D54D8DF-25CF-9752-787E-BF8D560B009B}" = AMD Drag and Drop Transcoding
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{5157A26D-28AF-4E96-99EE-25D510437653}_is1" = SpaceChem
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{584109EB-CEA0-4954-804B-211000018301}" = Tinker
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Młodzieżowy styl Akcesoria
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{62257E78-D1FB-44D9-A155-764B3F7BB76F}_is1" = Disk Doctors Photo Recovery (Win)
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kuchnia i łazienka Wystrój wnętrz Akcesoria
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{65356EEA-6ABF-437B-A7C7-5AAA0C6086F2}_is1" = Minecraft Auto wersja 1.0
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Rozrywka rodzinna - Akcesoria
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2  IKEA® urządza dom Akcesoria
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6E9B216E-1D8F-06AB-FE30-FA19AC530F75}" = ccc-utility
"{7097B6F1-00D1-4C32-8376-98D0AC47A469}_is1" = Gimnazjum 2011 wersja 1.5
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7675C2B8-A4FC-F01D-B0EA-7F251E36D2F0}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{776F7D39-5704-DBBF-CAFE-8826F98462F3}" = Catalyst Control Center InstallProxy
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Własny biznes
"{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{84000886-8F44-97F4-69CF-5C90D441E2BC}" = Catalyst Control Center Graphics Previews Common
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 Moda z H&M® Akcesoria
"{852249E5-85F2-4959-AEFB-8D46D02E9BEE}" = Bionic Commando
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 Czas wolny
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{947EC1A7-B056-4D60-9D31-BD29BBBFC2B8}" = Kane and Lynch Dead Men
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6F4E4F-9FAB-78A2-020B-3DAED3B2E0E1}" = AMD Fuel
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Szyk i elegancja - Akcesoria
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding
"{A9307988-3EA8-415E-A91E-0EB1FBF439DA}" = Adobe After Effects CS4 Third Party Content
"{B0464744-7F9E-BC45-0398-ED28CFADCEDF}" = CCC Help English
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Osiedlowe życie
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2010.build.42
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB751CFD-8BCE-9754-ACBE-D6EFDC69C937}" = WMV9/VC-1 Video Playback
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF801913-15B4-4B6C-9FF0-987EF271435A}" = Adobe Premiere Pro CS4 Third Party Content
"{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English
"{C301D681-00D3-4597-8446-3DE54FE20F1A}" = TortoiseSVN 1.6.11.20210 (32 bit)
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE977CAD-5230-4BFE-917B-091A4F08182B}" = Outfront - Na tyłach wroga
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{DFB92E80-F614-8710-37BD-E5091D241B90}" = WMV9/VC-1 Video Playback
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Cztery pory roku
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E77DF3B1-D561-4219-AB65-793AA079DC41}" = GT Legends - Aktualizacja  v1.1
"{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Impreza! Akcesoria
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.078
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Podróże
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nocne życie
"{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F96609AF-F197-4C9A-A97D-6AE132F743D7}" = GTAPoliceMods Mod Pack
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Więzy Krwi
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client 2.3.5
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"Akamai" = Akamai NetSession Interface
"AMIP_foobar2000" = AMIP for foobar2000 (remove only)
"APB Reloaded" = APB Reloaded
"AQQ" = WapSter AQQ
"ASIO4ALL" = ASIO4ALL
"Avidemux 2.5" = Avidemux 2.5
"Blitzkrieg" = Blitzkrieg Mod
"Braid/PL-Polish_is1" = Braid
"Bulletstorm_is1" = Bulletstorm
"Capitalism II PL" = Capitalism II PL
"City Life" = City Life 2008
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms EU" = Combat Arms EU
"Copssh" = Copssh (remove only)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.9.1
"Defcon_is1" = Defcon Patch v1.6
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"DivX Setup.divx.com" = DivX Setup
"D-Link VGA Webcam" = D-Link VGA Webcam
"EADM" = EA Download Manager
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"FileZilla Client" = FileZilla Client 3.3.5.1
"FireFTP" = FireFTP
"FL Studio 9" = FL Studio 9
"FlashGet 3.7" = FlashGet 3.7
"Foxit Reader" = Foxit Reader
"Freecorder4.1" = Freecorder
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"Hardcore" = Hardcore
"HD Tune_is1" = HD Tune 2.55
"HLSW_is1" = HLSW v1.3.3.7b
"ICW Base" = ICW Base(remove only)
"ICW COPSSHCP" = ICW COPSSHCP(remove only)
"ICW OpenSSHServer" = ICW OpenSSHServer (remove only)
"IL Download Manager" = IL Download Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Więzy Krwi
"JDownloader" = JDownloader
"Klawiatura wersja 2.8_is1" = Klawiatura wersja 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metal Assault" = Metal Assault
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"MKVtoolnix" = MKVtoolnix 4.6.0
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MTA:SA" = MTA:SA v1.0.4-rc-02033-2-000
"MusicBrainz Picard" = MusicBrainz Picard
"Natural Mod" = Natural Mod
"Nmap" = Nmap 5.35DC1
"Notepad++" = Notepad++
"Onlink Update" = Onlink
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"Opera 11.01.1190_1" = Opera 11.01
"Phun_is1" = Algodoo Phun edition v5.28
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Sawer" = Sawer
"Seismovision 3" = Seismovision 3 (remove only)
"SFFixed" = SourceForts 1.9.4.1 Fixed
"SpeedFan" = SpeedFan (remove only)
"Steam App 1510" = Uplink
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 280" = Half-Life: Source
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 3960" = Shattered Union
"Steam App 41100" = Hammerfight
"Steam App 41300" = Altitude
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Steam App 58300" = System Protocol One
"Steam App 62100" = Chime
"Steam App 70100" = Hacker Evolution
"Systweak CacheBoost_is1" = Systweak CacheBoost
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TightVNC" = TightVNC 2.0.2
"TmSunrise_is1" = TrackMania Sunrise
"Toxic Biohazard" = Toxic Biohazard
"TreeSize Free_is1" = TreeSize Free V2.4
"Trials 2 SE" = Trials 2 Second Edition
"Tunngle beta_is1" = Tunngle beta
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3 beta
"xchat" = XChat 2 (remove only)
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.97.8
"XPMP" = Xfire Plus: Music Plugin

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-338048016-1798996921-2506611867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error: Unable to start EventLog service!

< End of report >



Suspected keylogger - Gmail password changes

Post by wojtas, 26 Apr 2011, 14:31

Uninstall Akamai NetSession Interface.

Do you recognise this:

C:\msgunfmt.exe? If not, delete it.


* Run OTL using the cleanup option.
* Optimise Windows (the instructions are for Windows XP, but it is similar on other systems).
* Run a full Malwarebytes Anti-Malware scan (update it, remove whatever it finds).
* Clear the System Restore state.


Update your security:
>>> Windows 7 Sp1
>>> Internet Explorer 9
>>> Java™ 6
>>> Mozilla Firefox 4,0