Chwilowe zwiechy, przycinki

**Posty:** 370 · przez **eMaNeTeWu** 24 Maj 2012, 01:02

Witam, od jakiegoś miesiąca mam problem z chwilowymi zwiechami i przycinkami podczas grania w gry. gram, jest płynnie nagle na jakies 20-30 sekund drastycznie spadają fpsy z 50-60 do nawet 10. potem na minute znowu jest ok i znow scinki. dodam że to laptop acer aspire 5552g. wstawiam logi bo ostatnio scina czesciej i dluzej, prosze o pomoc :
OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2012-05-24 00:27:58 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = G:\logi Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,79% Memory free 5,99 Gb Paging File | 4,97 Gb Available in Paging File | 83,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40,00 Gb Total Space | 4,90 Gb Free Space | 12,25% Space Free | Partition Type: NTFS Drive D: | 160,00 Gb Total Space | 5,95 Gb Free Space | 3,72% Space Free | Partition Type: NTFS Drive F: | 160,00 Gb Total Space | 32,32 Gb Free Space | 20,20% Space Free | Partition Type: NTFS Drive G: | 105,66 Gb Total Space | 9,76 Gb Free Space | 9,23% Space Free | Partition Type: NTFS Drive J: | 11,31 Gb Total Space | 9,82 Gb Free Space | 86,89% Space Free | Partition Type: FAT32 Computer Name: EMANETEWU123 | User Name: emanetewu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-05-24 00:20:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- G:\logi\OTL.exe PRC - [2010-10-28 05:38:30 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010-10-28 05:38:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010-05-25 17:45:34 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-05-09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll MOD - [2012-05-09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll MOD - [2012-05-09 05:03:36 | 000,553,456 | ---- | M] () -- C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll MOD - [2012-05-09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll MOD - [2012-05-09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll MOD - [2012-05-09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll MOD - [2012-05-09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll MOD - [2010-10-28 11:13:02 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010-08-26 14:49:58 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2010-01-30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009-07-14 10:07:21 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009-07-14 10:07:18 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-07-14 10:07:18 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pl_b77a5c561934e089\System.resources.dll MOD - [2009-07-14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll MOD - [2009-07-14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll MOD - [2009-07-14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009-07-14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009-07-14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009-07-14 06:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll MOD - [2009-07-14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009-07-14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-04-21 12:48:00 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-03-11 18:40:25 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012-02-15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-12-02 09:37:21 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) SRV - [2010-10-28 05:38:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010-05-25 17:45:34 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-03-25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2012-03-09 10:57:28 | 000,024,328 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2011-10-26 15:02:18 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011-10-26 15:02:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-10-28 06:10:44 | 006,465,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010-10-28 05:03:20 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010-09-24 02:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010-06-16 23:15:36 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2010-05-20 13:42:28 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2010-05-11 18:11:50 | 001,803,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010-04-28 23:43:22 | 000,030,464 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2010-01-27 11:04:44 | 000,183,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1332971486_729205 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/ins/ins_1332971486_729205 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{720EFFD8-A43C-4C3C-9F56-F73B2819A04F}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{F0EDCCF5-6EF4-4EEA-AA5F-1D2E50B60818}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=ef8605f2-2364-11e1-85fc-a40bd7cc5412&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1332971486_729205 IE - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/ins/ins_1332971486_729205 IE - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=ef8605f2-2364-11e1-85fc-a40bd7cc5412&q={searchTerms} IE - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\..\SearchScopes\{720EFFD8-A43C-4C3C-9F56-F73B2819A04F}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\..\SearchScopes\{F0EDCCF5-6EF4-4EEA-AA5F-1D2E50B60818}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=ef8605f2-2364-11e1-85fc-a40bd7cc5412&q={searchTerms} IE - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\emanetewu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\emanetewu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-4113232092-2038624738-2748385027-1000\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\%emanetewu%\AppData [2012-02-28 01:50:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\%emanetewu%\Desktop [2012-05-23 23:05:22 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Adobe [2011-12-03 11:34:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Atheros [2011-09-14 21:21:48 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ATI [2011-09-14 21:18:53 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Autodesk [2012-03-13 21:07:36 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Codemasters [2012-01-11 19:06:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011-10-25 15:36:44 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Dane aplikacji [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Documents [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Dokumenty [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DSS [2012-02-17 21:56:33 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\EA Core [2012-05-08 14:41:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Electronic Arts [2012-05-08 14:41:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ESET [2012-04-15 18:25:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\FLEXnet [2012-03-13 20:52:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\id Software [2012-01-03 22:31:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Menu Start [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Microsoft [2012-04-02 20:01:00 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\Microsoft Help [2011-12-02 09:18:22 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\muzo [2012-05-11 17:34:30 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Pulpit [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\RDRM [2012-05-11 19:10:18 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\regid.1986-12.com.adobe [2012-01-23 08:41:33 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\RELOADED [2011-10-30 23:46:01 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\SecuROM [2011-09-24 11:02:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\SimCity Societies [2012-03-19 17:35:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Skype [2012-02-24 22:18:58 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Solidshield [2012-05-08 14:10:07 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sony [2012-02-10 15:44:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011-11-14 21:18:25 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Sun [2011-12-29 17:28:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Szablony [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\TEMP [2012-02-04 19:19:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Test Drive Unlimited [2012-05-23 16:24:34 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ubisoft [2012-01-18 20:08:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ulubione [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Win7codecs [2011-09-15 19:48:56 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{17E7CC50-BDE0-D789-5127-7397-9DCF9988}.ini () O4 - Startup: C:\Users\Default\AppData [2009-07-14 04:37:05 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Cookies [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Dane aplikacji [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2011-09-14 20:59:16 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Favorites [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Menu Start [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Moje dokumenty [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Default\Pictures [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 04:04:25 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Szablony [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Ustawienia lokalne [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\AppData [2011-09-14 21:01:04 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\emanetewu\Contacts [2011-09-14 21:01:14 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\Cookies [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Dane aplikacji [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Desktop [2012-05-24 00:26:46 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\Documents [2012-05-23 21:30:15 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\Downloads [2012-05-24 00:21:10 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\Favorites [2011-09-14 23:05:51 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\Links [2009-07-14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\Menu Start [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Moje dokumenty [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Music [2011-09-14 23:04:13 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\NetHood [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Network [2011-11-19 21:41:59 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\NTUSER.DAT () O4 - Startup: C:\Users\emanetewu\ntuser.dat.LOG1 () O4 - Startup: C:\Users\emanetewu\ntuser.dat.LOG2 () O4 - Startup: C:\Users\emanetewu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf () O4 - Startup: C:\Users\emanetewu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\emanetewu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\emanetewu\ntuser.ini () O4 - Startup: C:\Users\emanetewu\Pictures [2012-05-08 14:42:30 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\PrintHood [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Recent [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\riotsGamesLogs [2012-04-15 14:05:29 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\emanetewu\Saved Games [2012-02-17 21:59:21 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\emanetewu\Searches [2011-09-14 23:04:42 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\SendTo [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Szablony [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Thumbs.db () O4 - Startup: C:\Users\emanetewu\userdiff.sav () O4 - Startup: C:\Users\emanetewu\Ustawienia lokalne [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\emanetewu\Videos [2011-09-14 23:04:14 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\emanetewu\WapSter [2011-09-18 22:06:30 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Public\Desktop [2012-05-24 00:19:17 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2012-02-21 12:21:18 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Downloads [2009-07-14 06:41:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2009-07-14 04:04:25 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Libraries [2012-01-15 15:08:22 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2009-07-14 06:41:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Pictures [2009-07-14 06:41:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Recorded TV [2009-07-14 10:28:09 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Videos [2009-07-14 06:41:57 | 000,000,000 | R--D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8BF73B9-38A9-4F6F-92E0-CC8A92E2028D}: DhcpNameServer = 62.179.1.63 62.179.1.62 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012-03-02 13:30:26 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012-03-11 18:48:07 | 000,000,000 | ---D | M] - F:\AutoCAD -- [ NTFS ] O32 - AutoRun File - [2012-03-02 13:29:37 | 2177,851,495 | ---- | M] () - G:\AutoCAD_2011_Polish_Win_32bit.exe -- [ NTFS ] O33 - MountPoints2\{a5106cec-5621-11e1-a28a-a6c18eb5c004}\Shell - "" = AutoRun O33 - MountPoints2\{a5106cec-5621-11e1-a28a-a6c18eb5c004}\Shell\AutoRun\command - "" = I:\autorun.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell - "" = AutoRun O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\AutoRun\command - "" = J:\aoesetup.exe /autorun O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\directx\command - "" = J:\DirectX\dxsetup.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\dplay\command - "" = J:\DirectX\dplay61a.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\dxdiag\command - "" = J:\goodies\ar40eng.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\dxinfo\command - "" = J:\goodies\DirectX\dxinfo.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\dxtest\command - "" = J:\DirectX\dxdiag.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\dxtool\command - "" = J:\goodies\DirectX\dxtool.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\log\command - "" = J:\goodies\machine\machine.exe -l O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\machine\command - "" = J:\goodies\machine\machine.exe O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\setup\command - "" = J:\aoesetup.exe /autorun O33 - MountPoints2\{b8aacd97-fed7-11e0-a5bf-87a2bc60a411}\Shell\zone\command - "" = J:\goodies\mszone\zoneA600.exe O33 - MountPoints2\{dba6e3a8-f0c2-11e0-ac5f-8c12f21c2910}\Shell - "" = AutoRun O33 - MountPoints2\{dba6e3a8-f0c2-11e0-ac5f-8c12f21c2910}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{e7eda26d-5335-11e1-8e58-be6e5d4b2729}\Shell - "" = AutoRun O33 - MountPoints2\{e7eda26d-5335-11e1-8e58-be6e5d4b2729}\Shell\AutoRun\command - "" = K:\PdtStart.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\PdtStart.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-05-24 00:20:50 | 000,000,000 | ---D | C] -- \logi [2012-05-23 23:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [2012-05-23 21:50:25 | 000,000,000 | ---D | C] -- \Crack [2012-05-23 21:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls [2012-05-23 21:09:19 | 000,000,000 | ---D | C] -- \Game.Of.Thrones.RPG.STEAM.UNLOCKED-ALI213 [2012-05-22 14:54:59 | 000,000,000 | ---D | C] -- \fizyka [2012-05-13 17:09:51 | 000,024,328 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys [2012-05-13 17:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012-05-13 17:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2012-05-12 10:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited [2012-05-12 09:11:04 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012-05-12 08:36:25 | 000,000,000 | ---D | C] -- \Test Drive Unlimited [2012-05-08 14:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012-05-08 14:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012-05-08 14:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012-05-08 07:02:44 | 000,000,000 | ---D | C] -- \Nowy folder [2012-04-26 15:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RDRM [2012-04-26 15:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\muzo [2012-04-26 15:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\muzo [2012-04-26 15:24:15 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll [2012-04-15 20:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt [2012-04-15 18:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2012-04-02 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012-04-02 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-05-24 00:29:43 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-05-24 00:29:43 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-05-24 00:27:34 | 000,687,828 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-05-24 00:27:34 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-05-24 00:27:34 | 000,131,382 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-05-24 00:27:34 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-05-24 00:22:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-05-24 00:22:22 | 2411,905,024 | -HS- | M] () -- C:\hiberfil.sys [2012-05-23 23:32:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4113232092-2038624738-2748385027-1000UA.job [2012-05-23 23:05:22 | 000,000,625 | ---- | M] () -- C:\\Users\\%emanetewu%\\Desktop\Play Star Wars Jedi Knight Jedi Academy.lnk [2012-05-23 18:42:54 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4113232092-2038624738-2748385027-1000Core.job [2012-05-13 17:09:51 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-05-12 09:11:04 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012-04-26 15:24:36 | 000,000,136 | ---- | M] () -- C:\ProgramData\{17E7CC50-BDE0-D789-5127-7397-9DCF9988}.ini [2012-04-26 15:24:15 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-05-24 00:18:59 | 000,675,896 | ---- | C] () -- \SPTDinst-v181-x86.exe [2012-05-23 23:12:27 | 002,306,095 | ---- | C] () -- \gldirect5_opensource.zip [2012-05-23 23:05:22 | 000,000,625 | ---- | C] () -- C:\\Users\\%emanetewu%\\Desktop\Play Star Wars Jedi Knight Jedi Academy.lnk [2012-05-23 21:49:46 | 658,354,332 | ---- | C] () -- \Stawars Jedi Knight - Jedi Academy_2.nrg [2012-05-23 21:49:15 | 619,993,244 | ---- | C] () -- \Stawars Jedi Knight - Jedi Academy_1.nrg [2012-05-23 17:16:40 | 000,255,064 | ---- | C] () -- \Spolszczenie_maniekx4400_for_ufs_pl.rar [2012-05-23 17:16:22 | 646,398,478 | ---- | C] () -- \Star_Wars_Jedi_Knight_Jedi_Academy_maniekx4400__for_ufs_pl.part2.rar [2012-05-23 17:16:05 | 734,003,200 | ---- | C] () -- \Star_Wars_Jedi_Knight_Jedi_Academy_maniekx4400__for_ufs_pl.part1.rar [2012-05-22 16:00:50 | 000,951,872 | ---- | C] () -- \skanuj0014.jpg [2012-05-22 16:00:48 | 000,878,321 | ---- | C] () -- \skanuj0013.jpg [2012-05-22 16:00:45 | 001,091,699 | ---- | C] () -- \skanuj0012.jpg [2012-05-22 16:00:40 | 000,976,021 | ---- | C] () -- \skanuj0011.jpg [2012-05-22 16:00:37 | 000,916,304 | ---- | C] () -- \skanuj0010.jpg [2012-05-22 16:00:34 | 000,745,892 | ---- | C] () -- \skanuj0009.jpg [2012-05-22 16:00:32 | 001,143,676 | ---- | C] () -- \skanuj0008.jpg [2012-05-22 15:56:40 | 003,078,161 | ---- | C] () -- \wykład z fizyki 3.rar [2012-05-22 12:34:15 | 367,764,016 | ---- | C] () -- \Szkola Masturbacji.avi [2012-05-22 00:50:10 | 009,945,771 | ---- | C] () -- \Willow-Smith-Ft.-Nicki-Minaj-Fireball-Instrumental.mp3 [2012-05-21 20:57:13 | 734,236,672 | ---- | C] () -- \Spider-Man.XXX.A.Porn.Parody.Vivid Video.2011.DVDRip.avi [2012-05-21 20:54:02 | 004,336,370 | ---- | C] () -- \Game.Of.Thrones.RPG.CRACKonly-ALI213.rar [2012-05-15 16:56:16 | 094,192,933 | ---- | C] () -- \1. Pochodne cząstkowe.zip [2012-05-15 14:51:51 | 733,964,288 | ---- | C] () -- \Spartacus.Blood.And.Sand 10.avi [2012-05-15 14:51:51 | 733,298,688 | ---- | C] () -- \Spartacus.Blood.And.Sand 11.avi [2012-05-15 14:51:51 | 733,265,920 | ---- | C] () -- \Spartacus.Blood.And.Sand 12.avi [2012-05-15 14:51:51 | 730,810,368 | ---- | C] () -- \Spartacus.Blood.And.Sand 13.avi [2012-05-15 14:51:51 | 701,006,634 | ---- | C] () -- \Spartacus.Blood.And.Sand 6.avi [2012-05-15 14:51:51 | 699,245,890 | ---- | C] () -- \Spartacus.Blood.And.Sand 5.avi [2012-05-15 14:51:51 | 696,880,894 | ---- | C] () -- \Spartacus.Blood.And.Sand 3.avi [2012-05-15 14:51:51 | 687,630,786 | ---- | C] () -- \Spartacus.Blood.And.Sand 7.avi [2012-05-15 14:51:51 | 687,336,498 | ---- | C] () -- \Spartacus.Blood.And.Sand 8.avi [2012-05-15 14:51:51 | 681,729,384 | ---- | C] () -- \Spartacus.Blood.And.Sand 4.avi [2012-05-15 14:51:51 | 577,673,216 | ---- | C] () -- \Spartacus.Blood.and.Sand 1.avi [2012-05-15 14:51:51 | 575,924,224 | ---- | C] () -- \Spartacus.Blood.and.Sand 2.avi [2012-05-15 14:51:51 | 562,670,896 | ---- | C] () -- \Spartacus.Blood.And.Sand 9.avi [2012-05-15 14:00:13 | 576,899,072 | ---- | C] () -- \Spartakus Zemsta.S02E04.PL.HDTV.XviD-TR0D4T.avi [2012-05-15 14:00:13 | 572,311,552 | ---- | C] () -- \Spartakus Zemsta.S02E01.PL.HDTV.XviD-TR0D4T.avi [2012-05-15 14:00:13 | 567,009,280 | ---- | C] () -- \Spartakus Zemsta.S02E06.PL.HDTV.XviD-TR0D4T.avi [2012-05-15 14:00:13 | 552,996,864 | ---- | C] () -- \Spartakus Zemsta.S02E02.PL.HDTV.XviD-TR0D4T.avi [2012-05-15 14:00:13 | 551,860,224 | ---- | C] () -- \Spartakus Zemsta.S02E08.PL.HDTV.XviD-TR0D4T.avi [2012-05-15 14:00:13 | 550,088,704 | ---- | C] () -- \Spartakus Zemsta - Spartacus Vengeance - s02e05 - Libertus - pl.avi [2012-05-15 14:00:13 | 548,001,792 | ---- | C] () -- \Spartakus Zemsta.S02E07.PL.HDTV.XviD-TR0D4T.avi [2012-05-15 14:00:13 | 546,922,496 | ---- | C] () -- \Spartakus Zemsta.S02E03.PL.HDTV.XviD-TR0D4T.avi [2012-05-13 18:34:31 | 734,064,640 | ---- | C] () -- \Rok_Pierwszy_bobol21_for_ufs_pl.avi [2012-05-13 17:09:51 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-05-13 17:09:12 | 004,387,080 | ---- | C] () -- \cpu-z_1.60.1-setup-en.exe [2012-05-13 10:39:21 | 1732,945,170 | ---- | C] () -- \Ghost Protocol 2011-opti.avi [2012-05-13 09:28:29 | 003,296,259 | ---- | C] () -- \vty-tdu.rar [2012-05-13 09:15:06 | 006,544,499 | ---- | C] () -- \IGE.rar [2012-05-12 09:31:40 | 002,776,043 | ---- | C] () -- \htd-tdu6.rar [2012-05-12 08:41:13 | 186,057,800 | ---- | C] () -- \tdu_add.rar [2012-05-06 12:03:55 | 732,059,653 | ---- | C] () -- \How.High.2001.DVDRip.XviD.LektorPL.rar.crdownload [2012-05-06 10:31:16 | 733,718,737 | ---- | C] () -- \Chlopaczki.z.Sasiedztwa.1996.DVDrip.Lektor.PL.avi.crdownload [2012-04-26 15:24:36 | 000,000,136 | ---- | C] () -- C:\ProgramData\{17E7CC50-BDE0-D789-5127-7397-9DCF9988}.ini [2012-04-26 15:23:28 | 013,203,248 | ---- | C] () -- \muzosetup.exe [2012-04-19 15:01:26 | 001,413,127 | ---- | C] () -- \doris6.png [2012-04-15 15:00:49 | 046,695,168 | ---- | C] () -- \eset-nod32-2011.rar [2012-04-14 20:00:40 | 111,828,148 | ---- | C] () -- \ostatniaszansa.rar [2012-04-10 20:43:56 | 000,134,594 | ---- | C] () -- \0103389397.pdf [2012-04-07 10:07:17 | 000,018,559 | ---- | C] () -- \Kolokwium nr 1 wyniki 2012 gr 3.pdf [2012-04-06 21:53:50 | 365,639,680 | ---- | C] () -- \game.of.thrones.s02e02.PL_cwiet.avi [2012-04-04 11:41:00 | 054,972,262 | ---- | C] () -- \Swords and Soldiers.rar [2012-04-03 15:37:46 | 782,667,681 | ---- | C] () -- \Game.of.Thrones.S02E01.PL.720p.HDTV.x264-B89.xcms.mkv [2012-04-02 20:51:17 | 000,013,641 | ---- | C] () -- \f8c9e42fed65b42f43253decfe083a3ec8884bce.zip [2012-03-29 23:48:05 | 733,317,120 | ---- | C] () -- \Teen Smackdown Orgy [CD2][XXX] Novy_for_ufs_pl.avi [2012-03-29 23:48:05 | 732,635,136 | ---- | C] () -- \Teen Smackdown Orgy [CD1][XXX] Novy_for_ufs_pl.avi [2012-03-29 18:44:08 | 001,722,454 | ---- | C] () -- \doris5.png [2012-03-29 18:43:18 | 001,373,555 | ---- | C] () -- \doris4.png [2012-03-29 18:42:35 | 001,401,531 | ---- | C] () -- \doris3.png [2012-03-29 18:38:54 | 000,990,136 | ---- | C] () -- \doris1.png [2012-03-29 18:35:12 | 000,886,744 | ---- | C] () -- \doris.png [2012-03-23 08:45:13 | 000,120,833 | ---- | C] () -- \5600483640_22_0.pdf [2012-03-21 12:58:13 | 1073,741,824 | ---- | C] () -- \FlatOut.3.Chaos.And.Destruction-sigmon.part1.rar [2012-03-21 00:37:16 | 792,331,450 | ---- | C] () -- \Marsz.Dinozaurow.2011.PL.DVDRip.rar [2012-03-19 18:11:52 | 000,169,864 | ---- | C] () -- \416504_396434997051678_100000555423176_1455778_1691736764_o.jpg [2012-03-12 22:20:30 | 220,384,279 | ---- | C] () -- \Macierze.zip [2012-03-02 15:45:26 | 002,370,560 | ---- | C] () -- \LeagueofLegends.exe [2012-03-02 13:29:48 | 005,712,588 | ---- | C] () -- \single_player_editors_Hero_Editor_Full_V96.zip [2012-03-02 13:17:46 | 001,053,270 | ---- | C] () -- \Diablo edytor.zip [2012-03-02 12:40:23 | 2177,851,495 | ---- | C] () -- \AutoCAD_2011_Polish_Win_32bit.exe [2012-02-28 21:41:44 | 001,102,346 | ---- | C] () -- \Diablo2AndDiablo2LordOfDestructionv1.11bNoCDFixedexeEng.rar [2012-02-28 21:41:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2012-02-28 21:40:31 | 011,018,173 | ---- | C] () -- \D2Patch_111b.exe [2012-02-28 21:33:36 | 009,857,598 | ---- | C] () -- \D2Patch_110.exe [2012-02-28 21:26:27 | 011,016,524 | ---- | C] () -- \D2Patch_111.exe [2012-02-28 21:17:41 | 000,019,882 | ---- | C] () -- C:\Windows\DIIUnin.dat [2012-02-28 21:12:53 | 000,040,960 | ---- | C] () -- \Diablo II.exe [2012-02-28 21:11:19 | 000,530,805 | ---- | C] () -- \diablo_2_crack_www.przeklej.pl.rar [2012-02-28 18:03:51 | 702,709,816 | ---- | C] () -- \Diablo 2 PL_poziomeq_ufs.pl.part2.rar [2012-02-28 18:03:51 | 1048,576,000 | ---- | C] () -- \Diablo 2 PL_poziomeq_ufs.pl.part1.rar [2012-02-28 01:50:47 | 000,014,478 | ---- | C] () -- C:\Windows\scunin.dat [2012-02-27 20:35:46 | 005,530,509 | ---- | C] () -- \Ragdoll.Masters.v3.0.WinALL-iNDUCT.rar [2012-02-27 20:27:33 | 031,014,538 | ---- | C] () -- \Tibia 9.44.exe [2012-02-27 18:38:39 | 001,606,656 | ---- | C] () -- \SteamInstall.msi [2012-02-26 23:33:00 | 842,935,628 | ---- | C] () -- \StarCraft_stanley_88_4_ufs.rar [2012-02-24 22:16:44 | 000,944,264 | ---- | C] () -- \SkypeSetup.exe [2012-02-24 18:13:14 | 286,155,131 | ---- | C] () -- \David Guetta - Nothing But The Beat (Deluxe Edition) 2011.rar [2012-02-22 01:33:50 | 004,082,989 | ---- | C] () -- \Edyta Górniak & Mietek Szcześniak - Dumka Na Dwa Serca.mp3 [2012-02-21 10:18:19 | 000,020,307 | -HS- | C] () -- \Folder.jpg [2012-02-21 10:18:19 | 000,005,157 | -HS- | C] () -- \AlbumArtSmall.jpg [2012-02-19 13:36:21 | 030,517,402 | ---- | C] () -- \Liga Polska Manager 2005.rar [2012-02-18 15:08:41 | 000,208,791 | ---- | C] () -- \ćwiczenia - S_WIŚ_PL_W5.pdf [2012-02-18 10:24:33 | 576,686,080 | ---- | C] () -- \Dexter.S05E01.PL.avi [2012-02-17 21:50:34 | 000,129,706 | ---- | C] () -- \paul.zip [2012-02-17 21:39:51 | 015,531,654 | ---- | C] () -- \Fable 3 -SKIDROW- CRACK UPDATE.rar [2012-02-17 20:34:30 | 3816,730,623 | ---- | C] () -- \sr-fable3.iso [2012-02-17 18:46:25 | 000,190,706 | ---- | C] () -- \ćwiczenia - S_WIŚ_PL_W4.pdf [2012-02-17 17:05:09 | 210,351,942 | ---- | C] () -- \Dexter.S04E11.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-17 17:04:56 | 234,087,526 | ---- | C] () -- \Dexter.S04E10.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-17 17:04:48 | 209,909,566 | ---- | C] () -- \Dexter.S04E12.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-17 14:45:48 | 693,549,940 | ---- | C] () -- \Dexter 04- 10-12_PL.rar [2012-02-17 00:00:04 | 224,916,780 | ---- | C] () -- \Dexter.S04E08.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-16 23:59:50 | 214,033,688 | ---- | C] () -- \Dexter.S04E07.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-16 23:59:42 | 212,199,216 | ---- | C] () -- \Dexter.S04E09.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-16 21:15:58 | 690,158,892 | ---- | C] () -- \Dexter 04- 7-9_PL.rar [2012-02-16 17:23:34 | 450,608,978 | ---- | C] () -- \Asa Akira in Blowing Dr. Blue [XXX] Novy_for_ufs_pl.mp4 [2012-02-13 16:34:32 | 000,729,382 | ---- | C] () -- \DAEMON_Tools_Lite_Downloader.exe [2012-02-13 16:34:17 | 000,373,552 | ---- | C] () -- \SweetImSetup.exe [2012-02-13 16:32:12 | 000,141,946 | ---- | C] () -- \ind-sims.2.virtual.disk.rar [2012-02-13 01:53:51 | 013,356,838 | ---- | C] () -- \Sims2Budowanie.rar [2012-02-13 01:42:10 | 000,000,486 | ---- | C] () -- \Sims2_1_RIP.MDS [2012-02-13 01:41:59 | 001,618,176 | ---- | C] () -- \Sims2_1_RIP.MDF [2012-02-13 01:36:22 | 000,141,423 | ---- | C] () -- \The Sims 2 - Crack na budowanie.rar [2012-02-13 01:36:05 | 013,359,195 | ---- | C] () -- \The Sims 2 - Crack.rar [2012-02-12 18:03:42 | 3210,999,808 | ---- | C] () -- \TheWitcher 1.5 Enhanced Edition.iso [2012-02-12 17:32:27 | 1420,204,031 | ---- | C] () -- \TheWitcher.iso [2012-02-12 14:52:02 | 2326,691,839 | ---- | C] () -- \HAWX2.iso [2012-02-10 23:33:57 | 000,050,421 | ---- | C] () -- \yellow.jpg [2012-02-10 23:33:27 | 000,050,228 | ---- | C] () -- \black.jpg [2012-02-10 23:29:56 | 000,305,856 | ---- | C] () -- \16. Wiz Khalifa - Black And Yellow.mp3.sfk [2012-02-10 21:43:34 | 004,145,406 | ---- | C] () -- \The Lonely Island - I Just Had cenzura-spam (Ft. Akon)_newtracksdaily.mp3 [2012-02-10 21:16:23 | 000,290,947 | ---- | C] () -- \szklarnie-na-dachu-budynku.jpg [2012-02-10 18:35:32 | 000,099,405 | ---- | C] () -- \sypialnia_krola_loze.jpg [2012-02-10 18:33:52 | 000,116,379 | ---- | C] () -- \tron_04.jpg [2012-02-10 16:56:40 | 001,428,644 | ---- | C] () -- \539_quincy_street.jpg [2012-02-10 16:40:48 | 000,704,925 | ---- | C] () -- \New_York_City_New_York_08.jpg [2012-02-10 16:36:06 | 000,228,474 | ---- | C] () -- \graffiti+bubble.jpg [2012-02-10 15:36:30 | 002,283,529 | ---- | C] () -- \sony_vegas_pro_10.0_crack__pach_www.przeklej.pl.rar [2012-02-10 15:18:32 | 196,993,008 | ---- | C] () -- \Sony Vegas Pro 10c [x86][ENG] Novy_for_ufs_pl.rar [2012-02-10 12:32:56 | 199,815,342 | ---- | C] () -- \Dexter.S04E05.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-10 12:32:14 | 223,989,588 | ---- | C] () -- \Dexter.S04E04.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-10 12:32:07 | 227,130,028 | ---- | C] () -- \Dexter.S04E06.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-10 01:39:12 | 642,572,288 | ---- | C] () -- \Piraci_z_Karaibow_Cd2.iso [2012-02-10 01:38:52 | 702,912,512 | ---- | C] () -- \Piraci_z_Karaibow_Cd1.iso [2012-02-10 01:33:50 | 892,376,872 | ---- | C] () -- \The.Sims.2..Na.Studiach..PL.rar [2012-02-10 01:27:05 | 681,631,744 | ---- | C] () -- \The sims 2_3_tomekuic_for_ufs.iso [2012-02-10 01:27:05 | 681,631,744 | ---- | C] () -- \The sims 2_2.iso [2012-02-10 01:27:05 | 661,268,480 | ---- | C] () -- \Sims2_1_tomekuic_for_ufs.iso [2012-02-10 01:27:05 | 502,677,504 | ---- | C] () -- \The sims 2_4_tomekuic_for_ufs.iso [2012-02-09 19:07:50 | 110,580,527 | ---- | C] () -- \rihanna woman in black.rar [2012-02-09 18:06:48 | 009,716,688 | ---- | C] () -- \Icewater.themepack [2012-02-09 18:04:29 | 000,112,680 | ---- | C] () -- \WifiNetworkDiscovery.gadget [2012-02-08 23:35:17 | 689,932,064 | ---- | C] () -- \Dexter_04-4-6_PLrar.rar [2012-02-08 22:32:11 | 137,137,904 | ---- | C] () -- \Lil_Wayne-Tha_Carter_IV-(Deluxe_Edition)-2011-CR.rar [2012-02-08 22:22:00 | 000,549,664 | ---- | C] () -- \vshare-plugin.exe [2012-02-07 23:48:18 | 203,691,202 | ---- | C] () -- \Dexter.S04E02.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-07 23:48:06 | 221,493,194 | ---- | C] () -- \Dexter.S04E01.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-07 23:48:00 | 212,503,154 | ---- | C] () -- \Dexter.S04E03.PL.PDTV.XviD-PTRG.xbus.avi [2012-02-04 21:53:44 | 000,259,755 | ---- | C] () -- \Wyniki egzaminu z ochrony środowiska 1 II 2012.pdf [2012-02-03 14:17:10 | 387,698,729 | ---- | C] () -- \CrashDay.rar [2012-01-26 20:40:55 | 367,013,888 | ---- | C] () -- \Dexter s03e06.avi [2012-01-26 20:40:55 | 366,970,880 | ---- | C] () -- \Dexter s03e11.avi [2012-01-26 20:40:55 | 366,968,832 | ---- | C] () -- \Dexter s03e10.avi [2012-01-26 20:40:55 | 366,938,112 | ---- | C] () -- \Dexter s03e12.avi [2012-01-26 20:40:55 | 366,862,336 | ---- | C] () -- \Dexter s03e09.avi [2012-01-26 20:40:55 | 366,649,344 | ---- | C] () -- \Dexter s03e07.avi [2012-01-26 20:40:55 | 366,632,960 | ---- | C] () -- \Dexter s03e08.avi [2012-01-26 15:13:44 | 367,009,792 | ---- | C] () -- \Dexter s03e05.avi [2012-01-26 15:13:33 | 366,882,816 | ---- | C] () -- \Dexter s03e04.avi [2012-01-24 15:31:51 | 280,146,660 | ---- | C] () -- \Dexter.S03E04.DVDRiP.Lektor.PL.avi [2012-01-22 01:36:42 | 366,895,104 | ---- | C] () -- \Dexter.S03E03.PL.PDTV.XviD.avi.crdownload [2012-01-22 00:28:37 | 367,013,888 | ---- | C] () -- \Dexter.S03E02.PL.PDTV.XviD.avi.crdownload [2012-01-20 11:09:57 | 471,676,928 | ---- | C] () -- \Dexter.S03E01.PL.avi [2012-01-18 23:11:15 | 000,207,026 | ---- | C] () -- \ćwiczenia - S_WIŚ_PL_W23.pdf [2012-01-14 22:20:09 | 003,341,196 | ---- | C] () -- \ZIP-BO-wyklad5.pdf [2012-01-14 22:09:03 | 003,032,005 | ---- | C] () -- \ZIP-BO-wyklad4.pdf [2012-01-14 21:59:53 | 004,142,370 | ---- | C] () -- \ZIP-BO-wyklad3.pdf [2012-01-14 21:44:25 | 001,489,896 | ---- | C] () -- \ZIP-BO-wyklad2.pdf [2012-01-14 21:25:13 | 000,063,203 | ---- | C] () -- \Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar [2012-01-14 21:11:10 | 003,765,154 | ---- | C] () -- \ZIP-BO-wyklad1.pdf [2012-01-14 19:23:13 | 363,757,568 | ---- | C] () -- \Dexter.S02E12.PL.avi.crdownload [2012-01-14 15:29:43 | 366,331,904 | ---- | C] () -- \Dexter.S02E11.PL.avi [2012-01-14 14:12:26 | 366,209,024 | ---- | C] () -- \Dexter.S02E10.PL.avi [2012-01-14 12:19:11 | 366,192,640 | ---- | C] () -- \Dexter.S02E09.PL.avi [2012-01-14 12:03:50 | 366,446,592 | ---- | C] () -- \Dexter.S02E08.PL.avi.crdownload [2012-01-13 22:47:55 | 366,264,320 | ---- | C] () -- \Dexter.S02E07.PL.avi [2012-01-11 02:56:09 | 366,303,232 | ---- | C] () -- \Dexter.S02E06.PL.avi.crdownload [2012-01-09 17:10:05 | 000,001,861 | ---- | C] () -- \wpiwnicyintro.gp5 [2012-01-09 03:55:32 | 363,407,360 | ---- | C] () -- \Dexter.S02E01.PL.avi.crdownload [2012-01-09 00:55:27 | 002,997,092 | ---- | C] () -- \wyniki zaliczenia wykładów z geodezji gr. e,g,i,j 2011-12.tif- [2012-01-09 00:20:29 | 011,276,114 | ---- | C] () -- \transformacje.jpg [2012-01-04 19:54:27 | 003,411,963 | ---- | C] () -- \transformacje 2.jpg [2011-12-29 17:27:01 | 000,909,600 | ---- | C] () -- \chromeinstall.exe [2011-12-25 03:02:52 | 017,370,874 | ---- | C] () -- \CODmw3.crack-rld.rar [2011-12-21 10:23:30 | 000,007,583 | ---- | C] () -- \sungha_jung_pirates_of_the_caribbean.gp5 [2011-12-21 10:20:10 | 000,018,551 | ---- | C] () -- \misc_computer_games_skyrim_-_the_dragonborn_comes.gp5 [2011-12-21 10:17:07 | 000,036,406 | ---- | C] () -- \misc_computer_games_the_elder_scrolls_5_-_skyrim_theme.gp5 [2011-12-21 10:07:07 | 000,041,941 | ---- | C] () -- \metallica_nothing_else_matters (1).gp4 [2011-12-21 10:07:01 | 000,015,618 | ---- | C] () -- \metallica_nothing_else_matters.gp4 [2011-12-04 14:53:06 | 000,224,634 | ---- | C] () -- \dadzy.jpg [2011-12-04 14:21:26 | 000,279,337 | ---- | C] () -- \DSC00106.JPG [2011-12-02 09:37:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011-11-16 20:41:29 | 000,001,202 | ---- | C] () -- \I had a dream....rtf [2011-11-08 22:07:57 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI [2011-10-31 22:14:42 | 000,769,496 | ---- | C] () -- \bankbrowser_3_6.exe [2011-10-26 15:02:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011-10-26 15:02:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011-10-22 10:14:17 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2011-10-22 10:14:17 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2011-10-22 10:14:17 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011-10-22 10:14:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2011-10-22 10:14:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011-10-22 10:14:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011-10-22 10:14:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011-10-22 10:14:17 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2011-10-22 10:14:17 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011-10-09 13:40:14 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-10-09 13:39:58 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-10-09 13:39:50 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011-10-09 13:39:42 | 000,000,269 | ---- | C] () -- C:\Windows\game.ini [2011-10-05 19:31:22 | 000,000,168 | ---- | C] () -- C:\Windows\usdthank.ini [2011-10-05 19:31:22 | 000,000,031 | ---- | C] () -- C:\Windows\idc.ini [2011-09-15 19:48:10 | 001,093,632 | ---- | C] () -- \BESTplayer.exe [2011-09-14 21:18:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-09-14 21:15:35 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011-08-31 14:29:00 | 004,023,808 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2011-07-12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-07-03 19:48:42 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011-06-17 06:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-06-17 06:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-01-04 14:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-08-11 03:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [color=#E56717]========== LOP Check ==========[/color] [2012-02-28 01:50:27 | 000,000,000 | ---D | M] -- C:\Users\%emanetewu%\AppData [2012-05-23 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\%emanetewu%\Desktop [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2012-03-13 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Autodesk [2012-01-11 19:06:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\Codemasters [2011-10-25 15:36:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dane aplikacji [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumenty [2012-02-17 21:56:33 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS [2012-05-08 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core [2012-05-08 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts [2012-04-15 18:25:41 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2012-01-03 22:31:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\id Software [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Menu Start [2012-05-11 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\muzo [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Pulpit [2012-05-11 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\RDRM [2012-01-23 08:41:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe [2011-10-30 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\All Users\RELOADED [2012-03-19 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\SimCity Societies [2012-05-08 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\Solidshield [2012-02-10 15:44:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Szablony [2012-02-04 19:19:19 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2012-05-23 16:24:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Test Drive Unlimited [2012-01-18 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ubisoft [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Ulubione [2011-09-15 19:48:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\Win7codecs [2009-07-14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Dane aplikacji [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2011-09-14 20:59:16 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menu Start [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Moje dokumenty [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009-07-14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Szablony [2009-07-14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2011-09-14 20:59:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Ustawienia lokalne [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2011-09-14 21:01:04 | 000,000,000 | -H-D | M] -- C:\Users\emanetewu\AppData [2011-09-14 21:01:14 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Contacts [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Cookies [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Dane aplikacji [2012-05-24 00:26:46 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Desktop [2012-05-23 21:30:15 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Documents [2012-05-24 00:21:10 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Downloads [2011-09-14 23:05:51 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Favorites [2009-07-14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Links [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Menu Start [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Moje dokumenty [2011-09-14 23:04:13 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Music [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\NetHood [2011-11-19 21:41:59 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Network [2012-05-08 14:42:30 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Pictures [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\PrintHood [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Recent [2012-04-15 14:05:29 | 000,000,000 | ---D | M] -- C:\Users\emanetewu\riotsGamesLogs [2012-02-17 21:59:21 | 000,000,000 | ---D | M] -- C:\Users\emanetewu\Saved Games [2011-09-14 23:04:42 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Searches [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\SendTo [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Szablony [2011-09-14 21:01:04 | 000,000,000 | -HSD | M] -- C:\Users\emanetewu\Ustawienia lokalne [2011-09-14 23:04:14 | 000,000,000 | R--D | M] -- C:\Users\emanetewu\Videos [2011-09-18 22:06:30 | 000,000,000 | ---D | M] -- C:\Users\emanetewu\WapSter [2012-05-24 00:19:17 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2012-02-21 12:21:18 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009-07-14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009-07-14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2012-01-15 15:08:22 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009-07-14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2009-07-14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2009-07-14 10:28:09 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009-07-14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2012-04-24 08:24:46 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 129 bytes -> C:\Users\All Users\TEMP:E25BED53 @Alternate Data Stream - 129 bytes -> C:\Users\All Users\TEMP:A1454082 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E25BED53 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A1454082 < End of report >

OTL2

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-05-24 00:27:58 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = G:\logi Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,79% Memory free 5,99 Gb Paging File | 4,97 Gb Available in Paging File | 83,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40,00 Gb Total Space | 4,90 Gb Free Space | 12,25% Space Free | Partition Type: NTFS Drive D: | 160,00 Gb Total Space | 5,95 Gb Free Space | 3,72% Space Free | Partition Type: NTFS Drive F: | 160,00 Gb Total Space | 32,32 Gb Free Space | 20,20% Space Free | Partition Type: NTFS Drive G: | 105,66 Gb Total Space | 9,76 Gb Free Space | 9,23% Space Free | Partition Type: NTFS Drive J: | 11,31 Gb Total Space | 9,82 Gb Free Space | 86,89% Space Free | Partition Type: FAT32 Computer Name: EMANETEWU123 | User Name: emanetewu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05ADFF45-FEE3-48C2-8C77-6696C76164A5}" = lport=138 | protocol=17 | dir=in | app=system | "{11CAD212-D906-4E5D-B94E-4E2DE6B44874}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2A418256-9A21-45BD-A2AF-40EB4DB50085}" = lport=10243 | protocol=6 | dir=in | app=system | "{2AC3DF6C-7D8C-4102-B37E-196B8462CE13}" = rport=139 | protocol=6 | dir=out | app=system | "{33136E04-5934-4BF6-ABE4-FE3DB9CDC07D}" = lport=139 | protocol=6 | dir=in | app=system | "{3E13283F-E502-4DDB-ABE3-740CE008E864}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5C1B7221-05FF-4AB8-942D-3058F09B97D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6DB27C1A-7398-4471-AF49-48A24A56EED4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7EB1246B-8BB2-4357-988B-B09DE20ED47C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C407A00-EC18-436E-A141-21E88DD4F17E}" = rport=137 | protocol=17 | dir=out | app=system | "{998F28D8-C65A-4255-AE62-C5E3F3C0FCDD}" = rport=10243 | protocol=6 | dir=out | app=system | "{9D4C3BE8-FB43-49E9-9262-4A93EBA84306}" = lport=445 | protocol=6 | dir=in | app=system | "{9D714699-6F36-49DB-A3DA-88D8451A1299}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1704990-18AE-430F-9DD7-C0AE07506ECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B1E3A826-8EAF-4E24-BCE4-7341330FB1F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA62A565-263A-4495-A63D-10E3F4EDB075}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D8D7DAAB-6E9C-4113-ADC1-3BE861A4998B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E1E143C4-8EF5-428B-ABB3-3D726758505C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{E21DBBFC-5925-4472-B8C9-EC5EBD7C49AB}" = rport=445 | protocol=6 | dir=out | app=system | "{E3CB617D-785C-48F8-9C7F-3D904FD92B8A}" = lport=2869 | protocol=6 | dir=in | app=system | "{EB13591D-AA48-45F1-91E7-FED08AB09D37}" = lport=137 | protocol=17 | dir=in | app=system | "{F9A5D798-8EC9-4750-8F9F-2C60A0E4BDD4}" = rport=138 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00015E69-41FE-45DE-A9FA-CC4650036177}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{02CC626E-8D9F-402E-84BD-8804405FEE50}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{076E6F9E-4F6C-4D7F-80DE-BC5F0950CBD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0B7E9B0A-57D2-4436-8B65-31818B36F7E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0BF566D5-6995-443F-A91E-B82316B3C9A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1AB5D584-DAFE-4FDE-80FC-98041522FCB1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{1D78F0D4-1892-4782-8272-A579BE253EF9}" = protocol=6 | dir=in | app=d:\tom clancy's h.a.w.x. 2\hawx2.exe | "{1F3BF4F6-63EE-4B35-AF92-A11592F1E116}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1FE2D184-C994-48D8-812B-021716BC1DAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{24027996-D293-43A6-853D-C46408E3EF48}" = protocol=17 | dir=in | app=d:\fable iii\fable3.exe | "{29A7899E-2EAA-4084-838C-52E47B5DBB9F}" = protocol=17 | dir=in | app=d:\steam\steamapps\emanetewu\condition zero\hl.exe | "{2D57B09D-459D-4C61-BA60-5177A601E5AB}" = protocol=6 | dir=in | app=d:\fable iii\fable3.exe | "{31956A25-6F5B-45AC-BB4A-75B52F9E7C1D}" = protocol=17 | dir=in | app=d:\cod mw\iw3mp.exe | "{36405912-BEDA-4D4C-BB9C-22762BBEAE2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{36BB39E2-6834-4D19-BC15-229ED3457F12}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{37492534-21CA-4CD1-A315-72C61A3A11B7}" = protocol=17 | dir=in | app=d:\tom clancy's h.a.w.x. 2\hawx2.exe | "{3ABCE95C-3B4F-4CE4-A737-C402A9E0D659}" = protocol=6 | dir=in | app=d:\steam\steamapps\emanetewu\counter-strike\hl.exe | "{3B106E40-C7CE-49DB-8E12-9E9D2888B840}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{3F99C37B-6A96-4639-8B2D-4C2DCEB1C306}" = protocol=17 | dir=in | app=d:\steam2\steamapps\emanetewu\counter-strike\hl.exe | "{4316F46E-399C-47D8-A6BB-BBBD5E0A9C51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{48302739-333B-47EF-B801-6CF924A69401}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{51A75F9B-DB38-4964-AE71-0DFB3B111EC6}" = protocol=17 | dir=in | app=d:\steam2\steam.exe | "{5D3AFAA8-0EF9-4428-9718-634B2341D73D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{604079A9-83A5-4308-B803-7D51B4275BA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{60FF8D6A-5B19-4432-8AD5-90D7E0E69B45}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6501D1C2-33DA-49A4-9CFA-DF8B7654AC6B}" = protocol=6 | dir=in | app=d:\gta4\eflc\launcheflc.exe | "{67431C46-5008-4D13-95D0-4645554E268B}" = protocol=17 | dir=in | app=d:\nfs hot pursuit\launcher.exe | "{6FDA3018-2550-4130-BAD1-F91C05210DB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{789A41C4-9D11-496C-B1E3-EAEA683710DC}" = protocol=17 | dir=in | app=d:\gta4\eflc\launcheflc.exe | "{78C18A22-A780-42EA-8F7B-8D9AA0E4A944}" = protocol=6 | dir=in | app=d:\steam2\steam.exe | "{7AB72B14-7329-4A41-A4A6-72E50056DFFF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{81103CBD-B1EA-49B1-A0A8-34802F16CF8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{81533419-BCBC-44DA-AA50-7545D471E660}" = protocol=17 | dir=in | app=d:\tom clancy's h.a.w.x. 2\hawx2_dx11.exe | "{82B99D35-2C7E-4744-B36F-75EA4D2D82F0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{834127B8-2918-4529-93B5-4D18145D63B6}" = protocol=17 | dir=in | app=d:\steam\steamapps\emanetewu\counter-strike\hl.exe | "{858D9FF4-D043-4A0B-8AAB-8B93098BC922}" = protocol=17 | dir=in | app=d:\assassin's creed revelations\assassinscreedrevelations.exe | "{8855DE65-AFAF-4350-9489-3EFAF0541FB2}" = protocol=17 | dir=in | app=d:\assassin's creed revelations\acrsp.exe | "{8BAF3E88-F8DD-4BBC-98B5-D4C48608B835}" = protocol=6 | dir=in | app=d:\cod mw\iw3mp.exe | "{8D347A87-C05F-493E-9EC7-BDDB8ECC209E}" = protocol=17 | dir=in | app=d:\steam2\steamapps\emanetewu\condition zero\hl.exe | "{8E8BE0C6-3E9A-47BF-BACB-08F27167E41D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{91032269-7C21-4618-8B3D-7E9C6720AC0A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{940D325E-8B30-47B7-B223-1202C27BA6CD}" = protocol=6 | dir=out | app=system | "{9506247F-F48A-4B35-9A45-A5F4E3B49C06}" = protocol=6 | dir=in | app=d:\steam\steamapps\emanetewu\condition zero\hl.exe | "{98BC11D9-BDFB-4D53-BF3D-914AF24BE13F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{99D35542-4C44-4072-B6DC-0713C1DCC6C4}" = protocol=1 | dir=in | name=hlsw icmp | "{9A3F4571-9710-4742-8FC2-561D2986DB28}" = protocol=6 | dir=in | app=d:\nfs hot pursuit\launcher.exe | "{9F51EC03-3C25-4F6C-B404-36A3E48FD006}" = protocol=17 | dir=in | app=d:\steam2\steamapps\emanetewu\counter-strike\hl.exe | "{A04A7621-DEEA-4AEB-9F84-12B33EEA71C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B6B879E8-822B-4183-900B-2680F8F8EADB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B7B5DD2F-58F8-48D6-9843-0FD4375C7102}" = protocol=6 | dir=in | app=d:\steam2\steamapps\emanetewu\counter-strike\hl.exe | "{CCAC223D-6FFE-40E0-87A8-57A1121CA5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF1C982B-62DB-49CC-8FE5-75E7136F6DA9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{D2424542-B5EC-4059-B6A1-DDE718603932}" = protocol=6 | dir=in | app=d:\assassin's creed revelations\assassinscreedrevelations.exe | "{D4C733BE-977E-4347-A788-D33EBA3C6142}" = protocol=6 | dir=in | app=d:\assassin's creed revelations\acrmp.exe | "{DA250606-107B-4624-BEF2-6A8FD42C823E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{DE7374C9-8780-4D18-B892-41E57FF0959C}" = protocol=6 | dir=in | app=d:\steam2\steamapps\emanetewu\condition zero\hl.exe | "{DEBD3FC3-0531-43AE-A4DD-38C352117B13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DFC44E6B-127E-40C5-AE34-FE8A57B1AF53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E91079CB-8D73-4388-8D74-3C46BF375DA6}" = protocol=6 | dir=in | app=d:\assassin's creed revelations\acrsp.exe | "{F0F9C339-8CC3-41CE-946B-65109DEC4ADB}" = protocol=6 | dir=in | app=d:\steam2\steamapps\emanetewu\counter-strike\hl.exe | "{F1DE7404-C712-476D-9228-422133E2604D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{F28D2DC8-DD98-40DF-880B-2CBF1417DDA4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{F42986EE-A71E-463E-96C4-032156C83ED5}" = protocol=17 | dir=in | app=d:\assassin's creed revelations\acrmp.exe | "{F580183C-2EE7-4177-BCA0-731FF4B5095D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{FB530312-B40F-4981-A604-713BC79389BF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{FD4F0D4F-FE2F-41A6-A2EB-76A52F121D02}" = protocol=6 | dir=in | app=d:\tom clancy's h.a.w.x. 2\hawx2_dx11.exe | "TCP Query User{1287FF11-5425-475A-AB51-EB2F6BE68615}D:\guitar hero world tour\ghwt.exe" = protocol=6 | dir=in | app=d:\guitar hero world tour\ghwt.exe | "TCP Query User{12E6E286-B73B-49F8-B011-AE44E801CC8F}D:\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\test drive unlimited\testdriveunlimited.exe | "TCP Query User{1F1551C5-4A08-4714-95BB-3B8338DDCE28}D:\nfs hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\nfs hot pursuit\nfs11.exe | "TCP Query User{4521F543-80AF-4998-B726-0316CF8F9DFD}G:\game.of.thrones.rpg.steam.unlocked-ali213\binaries\win32\shippingpc-agotgame.exe" = protocol=6 | dir=in | app=g:\game.of.thrones.rpg.steam.unlocked-ali213\binaries\win32\shippingpc-agotgame.exe | "TCP Query User{4BE4303A-92BF-4EB0-BFEF-76C8264AB53A}D:\dead island\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=d:\dead island\dead island\deadislandgame.exe | "TCP Query User{510F3D3E-BF86-47EE-B37B-13100A051834}D:\grid\grid.exe" = protocol=6 | dir=in | app=d:\grid\grid.exe | "TCP Query User{518AF067-E36B-4D16-A99D-AB5B624ED802}D:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\shift 2 unleashed\shift2u.exe | "TCP Query User{6A9BAFE3-93B2-4DCD-BE31-A65BC3B59B01}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{8A2F88EF-955E-42F2-9E84-BE3391216ACA}C:\program files\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files\wapster\wapster aqq\aqq.exe | "TCP Query User{A7C8A58B-9402-45AF-A73E-4A2DE492AE2C}D:\trackmania 2\maniaplanet.exe" = protocol=6 | dir=in | app=d:\trackmania 2\maniaplanet.exe | "TCP Query User{B0412ECB-7A1F-470A-8290-F9725410118D}D:\guitar hero iii\gh3.exe" = protocol=6 | dir=in | app=d:\guitar hero iii\gh3.exe | "TCP Query User{B1542D9B-DEFB-4A30-A28E-F0DB5E5A0047}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{BA7B5464-571C-4AA4-B41F-F0E99DE34D95}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{C3A695B3-5782-4B6B-A4C8-92B9BA0B3B70}D:\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\stronghold 3\bin\win32_release\stronghold3.exe | "TCP Query User{CEBA4EBF-353D-455E-8BB7-90635A61BF33}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | "TCP Query User{D99263E7-52FF-439C-BAFA-933A71564690}D:\guitar hero iii\gh3.exe" = protocol=6 | dir=in | app=d:\guitar hero iii\gh3.exe | "TCP Query User{ED01B6A3-89B6-4F5B-BAC5-C547C1157266}G:\fifa.12.2011.clonedvd-p2p\game\fifa.exe" = protocol=6 | dir=in | app=g:\fifa.12.2011.clonedvd-p2p\game\fifa.exe | "TCP Query User{EE95A6D3-2E41-46E5-950F-16BF90551FD0}D:\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\stronghold 3\bin\win32_release\stronghold3.exe | "TCP Query User{FE2AF8F0-BA83-4B0E-A291-33CB35F2FF71}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{11E10040-55BF-4D03-BC99-4A8D1737FF11}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{2774E19A-2F31-4A7D-97FB-CE3F72873FC5}D:\dead island\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=d:\dead island\dead island\deadislandgame.exe | "UDP Query User{39FE76BD-0850-41D2-8169-CA5DE9D7D9E0}D:\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\test drive unlimited\testdriveunlimited.exe | "UDP Query User{3C119DFD-242B-4A80-9167-33B787C538F1}G:\game.of.thrones.rpg.steam.unlocked-ali213\binaries\win32\shippingpc-agotgame.exe" = protocol=17 | dir=in | app=g:\game.of.thrones.rpg.steam.unlocked-ali213\binaries\win32\shippingpc-agotgame.exe | "UDP Query User{5D4A2AAF-17BB-486F-AFC5-FF1E08D9DEC6}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{63A15AE4-D46F-455A-ADE6-E3C2D03A2FA3}D:\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\stronghold 3\bin\win32_release\stronghold3.exe | "UDP Query User{6471686E-90B2-4BF8-ACFF-82E37D6E4088}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{796BE39B-9B1A-44DC-9A1E-EF1C369F1081}D:\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\stronghold 3\bin\win32_release\stronghold3.exe | "UDP Query User{8225E5D6-D83B-46FA-8E06-B490FCC030A4}G:\fifa.12.2011.clonedvd-p2p\game\fifa.exe" = protocol=17 | dir=in | app=g:\fifa.12.2011.clonedvd-p2p\game\fifa.exe | "UDP Query User{8E4B0EC8-5522-4A9C-8B85-6A4780ED5E19}D:\guitar hero iii\gh3.exe" = protocol=17 | dir=in | app=d:\guitar hero iii\gh3.exe | "UDP Query User{904311F3-1565-41CA-A6D5-EF4574348920}D:\nfs hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=d:\nfs hot pursuit\nfs11.exe | "UDP Query User{93C82CA8-4D04-4EFC-A6A5-4F3E27F25A50}D:\grid\grid.exe" = protocol=17 | dir=in | app=d:\grid\grid.exe | "UDP Query User{9A563195-BEA7-43C6-B8D6-4A755C4D4F57}D:\guitar hero world tour\ghwt.exe" = protocol=17 | dir=in | app=d:\guitar hero world tour\ghwt.exe | "UDP Query User{9C1940D6-4F26-4304-AA96-4D2260DC1906}D:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\shift 2 unleashed\shift2u.exe | "UDP Query User{CE33ECDC-7F20-45F8-8C3E-3CC932291AC2}D:\guitar hero iii\gh3.exe" = protocol=17 | dir=in | app=d:\guitar hero iii\gh3.exe | "UDP Query User{DF737586-BFF6-42DC-8D76-BEB570EE3DD2}D:\trackmania 2\maniaplanet.exe" = protocol=17 | dir=in | app=d:\trackmania 2\maniaplanet.exe | "UDP Query User{E6C7F136-40D3-46E0-9249-3B2D2FACAA36}C:\program files\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files\wapster\wapster aqq\aqq.exe | "UDP Query User{EE3A8E72-7CD6-44B8-BB2B-07AE5DD7EB8E}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{FCF7CAF7-CD9C-4F8F-B670-14B00E5F70B4}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212BA4B5-4ED0-CCFD-9675-9D3DE3D049B4}" = Catalyst Control Center Localization All "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28DFDEAD-1084-0F3F-E068-9135FC876027}" = Catalyst Control Center InstallProxy "{2B9B5777-D6CF-57B4-6228-FE5EE8C63ED0}" = ccc-utility "{2FCA5F46-55AA-B96E-87FA-47F5811E33AD}" = CCC Help Dutch "{30026C82-13BA-D7FF-E155-3D2B0C192A28}" = CCC Help Chinese Standard "{32022218-B297-B983-025B-A03A1C2B202C}" = CCC Help Finnish "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = PC TWIN SHOCK "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III "{4D53090A-CE35-42BD-B377-831000018302}" = Fable III "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5783F2D7-9001-0415-0002-0060B0CE6BBA}" = AutoCAD 2011 - Polski "{5783F2D7-9001-0415-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Polski "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6617E770-55EE-587D-06FA-B49A8A6F2EF4}" = CCC Help Korean "{679E3E0C-E913-CA59-6664-A54BE85193E2}" = CCC Help Spanish "{68A408B2-80E0-9191-6FDF-6F8318E94B71}" = CCC Help Portuguese "{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0 "{6D93BD2D-BA71-491A-926C-37FE1580CEE0}" = Wiedźmin Edycja Rozszerzona – „Efekt uboczny” "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2 "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76A32E41-F8B9-50B3-5CEE-DD42115DF9A2}" = CCC Help Chinese Traditional "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{7EA8CE23-0C8C-6784-635C-D4F8AFB59AB5}" = ccc-core-static "{813CFC98-FE1C-7249-49C8-017A227F8574}" = CCC Help Danish "{8218F4EC-35C0-2CEB-1ABC-24E114270157}" = CCC Help Italian "{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{83C1DE40-C1D3-9F4B-C5E1-12A3835FE1F0}" = CCC Help Polish "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{8FDE7841-D6E0-26FE-B923-D2F3533C7C9C}" = CCC Help Swedish "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{91C6CFF0-F3A1-CB93-9072-446C8B8774C1}" = CCC Help Japanese "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish) "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{98ADCC35-E388-B4D7-1353-6964CEF74CF1}" = CCC Help French "{98EE2259-4D34-6709-1447-6759E0C7C4E8}" = CCC Help Greek "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A38939B8-4DE7-896D-01FA-C183EA33BBDA}" = CCC Help Russian "{A5FFD832-0F05-4564-8C53-721A545FD807}" = Piraci z Karaibów "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AC904169-4386-A9F9-AC00-67D5C42133BF}" = ATI Catalyst Install Manager "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin "{B60119FB-0A43-69BC-1D2C-EE3A91A85300}" = CCC Help Hungarian "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BE1738EB-A0EA-0A4F-F9A8-A8731F1B88CC}" = Catalyst Control Center Graphics Previews Common "{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited "{CAAB5F83-B7D1-6AD9-1D86-D37C3E1277C5}" = CCC Help Thai "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D7AE3689-D40E-DAFE-385D-2B45308E59B6}" = CCC Help English "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DD3E3DAA-B005-54D2-CF94-0C919F55CFCE}" = CCC Help Norwegian "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E11A86A7-B346-5FA0-A84B-8805B87580B4}" = CCC Help Turkish "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E8ED6EE9-B477-CD27-048A-6291A719A8A1}" = CCC Help German "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin "{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}" = Wiedźmin Edycja Rozszerzona - "Cena neutralności" "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FB3EB614-9284-5C13-6BDB-C8915F180881}" = CCC Help Czech "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Age of Empires 2.0" = Microsoft Age of Empires II "AIMP3" = AIMP3 "AP Tuner 3.08" = AP Tuner 3.08 "AQQ" = WapSter AQQ "AutoCAD 2011 - Polski" = AutoCAD 2011 - Polski "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1 "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "Diablo II" = Diablo II "Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52 "ESET Online Scanner" = ESET Online Scanner v3 "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "Guitar Pro 5_is1" = Guitar Pro 5.2 "HLSW_is1" = HLSW v1.4.0.3 "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "MoorHunt_is1" = MoorHunt 0.6.7.2 "NapiProjekt_is1" = NapiProjekt (2.0.0.2151) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "Starcraft" = Starcraft "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR 4.01 (32-bitowy) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-4113232092-2038624738-2748385027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BankBrowser" = BankBrowser "Diablo II" = Diablo II "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-05-21 10:14:41 | Computer Name = emanetewu123 | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu 3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu "version" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2012-05-21 10:14:43 | Computer Name = emanetewu123 | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2012-05-21 10:16:20 | Computer Name = emanetewu123 | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\spybot - search & destroy\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\spybot - search & destroy\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2012-05-22 09:26:40 | Computer Name = emanetewu123 | Source = Application Hang | ID = 1002 Description = Program i_view32.exe w wersji 4.3.2.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: f6c Godzina rozpoczęcia: 01cd381e6cec3933 Godzina zakończenia: 13 Ścieżka aplikacji: C:\Program Files\IrfanView\i_view32.exe Identyfikator raportu: bdaddefd-a411-11e1-865f-818d0ddbcc14 Error - 2012-05-23 15:26:11 | Computer Name = emanetewu123 | Source = VSS | ID = 8194 Description = Error - 2012-05-23 17:10:35 | Computer Name = emanetewu123 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: jasp.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x00000000 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x206b6361 Identyfikator procesu powodującego błąd: 0x1778 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd39287b3c94e0 Ścieżka aplikacji powodującej błąd: D:\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: bccb41bd-a51b-11e1-8d5b-d671e28b5801 Error - 2012-05-23 17:11:19 | Computer Name = emanetewu123 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: jasp.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x00000000 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x206b6361 Identyfikator procesu powodującego błąd: 0x20c Godzina uruchomienia aplikacji powodującej błąd: 0x01cd3928977af394 Ścieżka aplikacji powodującej błąd: D:\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: d6ab9a0b-a51b-11e1-8d5b-d671e28b5801 Error - 2012-05-23 17:14:03 | Computer Name = emanetewu123 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: jasp.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x00000000 Nazwa modułu powodującego błąd: D3D9.DLL, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bd9a9 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00025a2c Identyfikator procesu powodującego błąd: 0x157c Godzina uruchomienia aplikacji powodującej błąd: 0x01cd3928dc97c789 Ścieżka aplikacji powodującej błąd: D:\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\D3D9.DLL Identyfikator raportu: 388fcc7a-a51c-11e1-8d5b-d671e28b5801 Error - 2012-05-23 17:16:11 | Computer Name = emanetewu123 | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: jasp.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x00000000 Nazwa modułu powodującego błąd: D3D9.DLL, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bd9a9 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00025a2c Identyfikator procesu powodującego błąd: 0x98c Godzina uruchomienia aplikacji powodującej błąd: 0x01cd39293aaba777 Ścieżka aplikacji powodującej błąd: D:\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\D3D9.DLL Identyfikator raportu: 84e5a317-a51c-11e1-8d5b-d671e28b5801 Error - 2012-05-23 18:18:31 | Computer Name = emanetewu123 | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary SCDEmu. System Error: Nie można odnaleźć określonego pliku. . [ System Events ] Error - 2012-05-20 09:11:29 | Computer Name = emanetewu123 | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2012-05-20 09:53:58 | Computer Name = emanetewu123 | Source = bowser | ID = 8003 Description = Error - 2012-05-20 12:24:33 | Computer Name = emanetewu123 | Source = bowser | ID = 8003 Description = Error - 2012-05-21 04:12:44 | Computer Name = emanetewu123 | Source = DCOM | ID = 10010 Description = Error - 2012-05-21 16:10:38 | Computer Name = emanetewu123 | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2012-05-22 03:08:28 | Computer Name = emanetewu123 | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 03:06:10 na ?2012-?05-?22 było nieoczekiwane. Error - 2012-05-23 02:09:05 | Computer Name = emanetewu123 | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2012-05-23 11:06:55 | Computer Name = emanetewu123 | Source = bowser | ID = 8003 Description = Error - 2012-05-23 11:31:34 | Computer Name = emanetewu123 | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.10. Komputer o adresie IP 192.168.0.12 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2012-05-23 16:21:29 | Computer Name = emanetewu123 | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.10. Komputer o adresie IP 192.168.0.12 nie zezwolił na przejęcie tej nazwy przez ten komputer. < End of report >

GMER

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-24 01:01:37 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22A0RT0 rev.01.01A01 Running: qukzu9xb.exe; Driver: C:\Users\EMANET~1\AppData\Local\Temp\ugdoipod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83259579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327DF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C25000, 0x349F5E, 0xE8000020] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9D8A5300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9D8F1300, 0x1BEE, 0xE8000020] .text autochk.exe 004311D1 73 Bytes [10, 08, FE, 75, 41, 8B, 4D, ...] .text autochk.exe 0043121B 4 Bytes [0F, 84, C8, 00] .text autochk.exe 00431220 129 Bytes [00, 83, 7D, 18, 00, 7E, 6D, ...] .text autochk.exe 004312A2 1 Byte [00] .text autochk.exe 004312A2 7 Bytes [00, 00, C7, 44, 01, 04, 00] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 29, 00] {SUB [EAX], AL; SUB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 29, 00] {SUB [EBX], AL; SUB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 29, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 29, 00] {TEST AL, 0x1; SUB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 29, 00] {TEST AL, 0x2; SUB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 29, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 29, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 29, 00] {TEST AL, 0x0; SUB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 29, 00] {SUB [ECX], AL; SUB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 29, 00] {SUB [EDX], AL; SUB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 29, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 1D, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 19, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 19, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 19, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 19, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[2928] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 28, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 28, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 28, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL} .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 28, 00] .text C:\Users\emanetewu\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FD250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FD2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FB5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FB56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FC8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FC4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FC50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FC51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73FC66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FC82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FC8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FC907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FCE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FC4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----

**Posty:** 18165 · przez **wojtas** 24 Maj 2012, 19:26

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego

uruchom OTL, wszystkie opcje ustaw na Brak / Żadne, a w sekcji Własne opcje skanowania / skrypt wklej:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

i daj skanuj, zaprezentuj log

**Posty:** 370 · przez **eMaNeTeWu** 24 Maj 2012, 19:41

Kod: Zaznacz wszystko: # AdwCleaner v1.607 - Logfile created 05/24/2012 at 19:36:53 # Updated 23/05/2012 by Xplode # Operating system : Windows 7 Ultimate (32 bits) # User : emanetewu - EMANETEWU123 # Running from : G:\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files\StartSearch plugin File Deleted : C:\Users\EMANET~1\AppData\Local\Temp\Uninstall.exe ***** [Registry] ***** Key Deleted : HKCU\Software\StartSearch Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Registry is clean. -\\ Google Chrome v19.0.1084.52 File : C:\Users\emanetewu\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[S1].txt - [2477 octets] - [24/05/2012 19:36:53] ########## EOF - C:\AdwCleaner[S1].txt - [2605 octets] ##########

Kod: Zaznacz wszystko: OTL logfile created on: 2012-05-24 19:41:19 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = G:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,07% Memory free 5,99 Gb Paging File | 4,65 Gb Available in Paging File | 77,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40,00 Gb Total Space | 10,43 Gb Free Space | 26,07% Space Free | Partition Type: NTFS Drive D: | 160,00 Gb Total Space | 5,86 Gb Free Space | 3,66% Space Free | Partition Type: NTFS Drive F: | 160,00 Gb Total Space | 30,26 Gb Free Space | 18,91% Space Free | Partition Type: NTFS Drive G: | 105,66 Gb Total Space | 9,73 Gb Free Space | 9,21% Space Free | Partition Type: NTFS Drive I: | 590,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 11,31 Gb Total Space | 9,82 Gb Free Space | 86,89% Space Free | Partition Type: FAT32 Computer Name: EMANETEWU123 | User Name: emanetewu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >[/color] "!Do not use this registry key" = Use the SHGetFolderPath or SHGetKnownFolderPath function instead "Programs" = C:\\Users\\%emanetewu%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs -- [2012-02-28 21:16:26 | 000,000,000 | ---D | M] "Desktop" = C:\\Users\\%emanetewu%\\Desktop -- [2012-05-23 23:05:22 | 000,000,000 | ---D | M] [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders >[/color] "AppData" = %USERPROFILE%\AppData\Roaming -- [2012-05-24 18:10:04 | 000,000,000 | ---D | M] "Cache" = %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files -- [2012-05-08 18:17:45 | 000,000,000 | -HSD | M] "Cookies" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies -- [2012-05-23 20:49:16 | 000,000,000 | -HSD | M] "Desktop" = %USERPROFILE%\Desktop -- [2012-05-24 17:57:13 | 000,000,000 | R--D | M] "Favorites" = %USERPROFILE%\Favorites -- [2011-09-14 23:05:51 | 000,000,000 | R--D | M] "History" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History -- [2011-09-14 21:04:38 | 000,000,000 | -HSD | M] "Local AppData" = %USERPROFILE%\AppData\Local -- [2012-04-15 14:05:00 | 000,000,000 | ---D | M] "My Music" = %USERPROFILE%\Music -- [2011-09-14 23:04:13 | 000,000,000 | R--D | M] "My Pictures" = %USERPROFILE%\Pictures -- [2012-05-24 01:22:41 | 000,000,000 | R--D | M] "My Video" = %USERPROFILE%\Videos -- [2011-09-14 23:04:14 | 000,000,000 | R--D | M] "NetHood" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts -- [2009-07-14 04:04:25 | 000,000,000 | ---D | M] "Personal" = %USERPROFILE%\Documents -- [2012-05-24 01:19:37 | 000,000,000 | R--D | M] "Programs" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -- [2012-05-24 01:19:36 | 000,000,000 | ---D | M] "Recent" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent -- [2012-05-24 18:13:49 | 000,000,000 | R--D | M] "SendTo" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo -- [2012-02-24 22:19:02 | 000,000,000 | R--D | M] "Startup" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup -- [2012-05-24 01:19:36 | 000,000,000 | ---D | M] "Start Menu" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu -- [2011-09-18 22:06:19 | 000,000,000 | R--D | M] "Templates" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates -- [2011-11-19 21:41:12 | 000,000,000 | ---D | M] "{374DE290-123F-4565-9164-39C4925E467B}" = %USERPROFILE%\Downloads -- [2012-05-24 19:40:42 | 000,000,000 | R--D | M] "PrintHood" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -- [2009-07-14 04:04:34 | 000,000,000 | ---D | M] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >[/color] "Common Desktop" = C:\Users\Public\Desktop -- [2012-05-24 17:57:02 | 000,000,000 | RH-D | M] "Common Start Menu" = C:\ProgramData\Microsoft\Windows\Start Menu -- [2012-02-05 17:29:57 | 000,000,000 | R--D | M] "CommonVideo" = C:\Users\Public\Videos -- [2009-07-14 06:41:57 | 000,000,000 | R--D | M] "CommonPictures" = C:\Users\Public\Pictures -- [2009-07-14 06:41:57 | 000,000,000 | R--D | M] "Common Programs" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs -- [2012-05-24 18:00:32 | 000,000,000 | R--D | M] "CommonMusic" = C:\Users\Public\Music -- [2009-07-14 06:41:57 | 000,000,000 | R--D | M] "Common Administrative Tools" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools -- [2011-09-14 20:56:58 | 000,000,000 | R--D | M] "Common Startup" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup -- [2012-02-13 16:25:34 | 000,000,000 | R--D | M] "Common Documents" = C:\Users\Public\Documents -- [2012-02-21 12:21:18 | 000,000,000 | R--D | M] "OEM Links" = C:\ProgramData\OEM Links "Common Templates" = C:\ProgramData\Microsoft\Windows\Templates -- [2009-07-14 04:04:25 | 000,000,000 | ---D | M] "Common AppData" = C:\ProgramData -- [2012-05-24 18:00:32 | 000,000,000 | -H-D | M] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders >[/color] "Common Desktop" = %PUBLIC%\Desktop -- [2012-05-24 17:57:02 | 000,000,000 | RH-D | M] "Common Documents" = %PUBLIC%\Documents -- [2012-02-21 12:21:18 | 000,000,000 | R--D | M] "CommonPictures" = %PUBLIC%\Pictures -- [2009-07-14 06:41:57 | 000,000,000 | R--D | M] "CommonMusic" = %PUBLIC%\Music -- [2009-07-14 06:41:57 | 000,000,000 | R--D | M] "CommonVideo" = %PUBLIC%\Videos -- [2009-07-14 06:41:57 | 000,000,000 | R--D | M] "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}" = %PUBLIC%\Downloads -- [2009-07-14 06:41:57 | 000,000,000 | R--D | M] "Common Start Menu" = %ProgramData%\Microsoft\Windows\Start Menu -- [2012-02-05 17:29:57 | 000,000,000 | R--D | M] "Common Programs" = %ProgramData%\Microsoft\Windows\Start Menu\Programs -- [2012-05-24 18:00:32 | 000,000,000 | R--D | M] "Common Startup" = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup -- [2012-02-13 16:25:34 | 000,000,000 | R--D | M] "Common AppData" = %ProgramData% -- [2012-05-24 18:00:32 | 000,000,000 | -H-D | M] "Common Templates" = %ProgramData%\Microsoft\Windows\Templates -- [2009-07-14 04:04:25 | 000,000,000 | ---D | M] < End of report >

**Posty:** 18165 · przez **wojtas** 24 Maj 2012, 19:58

Otwórz Notatnik i wklej w nim:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders]
"AppData"="C:\\Users\\emanetewu\\AppData\\Roaming"
"Cache"="C:\\Users\\emanetewu\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"
"Cookies"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"
"Desktop"="C:\\Users\\emanetewu\\Desktop"
"Favorites"="C:\\Users\\emanetewu\\Favorites"
"History"="C:\\Users\\emanetewu\\AppData\\Local\\Microsoft\\Windows\\History"
"Local AppData"="C:\\Users\\emanetewu\\AppData\\Local"
"My Music"="C:\\Users\\emanetewu\\Music"
"My Pictures"="C:\\Users\\emanetewu\\Pictures"
"My Video"="C:\\Users\\emanetewu\\Videos"
"NetHood"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts"
"Personal"="C:\\Users\\emanetewu\\Documents"
"Programs"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs"
"Recent"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
"SendTo"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\SendTo"
"Startup"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
"Start Menu"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
"Templates"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Templates"
"{374DE290-123F-4565-9164-39C4925E467B}"="C:\\Users\\emanetewu\\Downloads"
"PrintHood"="C:\\Users\\emanetewu\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts"

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.REG > Uruchom ten plik

daj nowy log ( w/w wymienionych ustawień) i normalnie