Starej załogi już pewnie nie ma ale standardy na pewno się nie zmieniły.
Rutynowa kontrola nic więcej, zobaczcie jak ma się mój PC.
Gmer
- Kod: Zaznacz wszystko
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-24 18:24:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-8 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: y13pe2wg.exe; Driver: C:\Users\TOMASZ~1\AppData\Local\Temp\pgxdyuow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033b2000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 598 fffff800033b2036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1640:1664] 000007fefc9f1a70
Thread C:\Windows\system32\svchost.exe [1640:1672] 000007fefc9f1a70
Thread C:\Windows\system32\svchost.exe [1640:1684] 000007fefc9f1a70
Thread C:\Windows\system32\svchost.exe [1640:1692] 000007fef9042c70
Thread C:\Windows\system32\svchost.exe [1640:1700] 000007fef904fb40
Thread C:\Windows\system32\svchost.exe [1640:1716] 000007fef9061d20
Thread C:\Windows\system32\svchost.exe [1640:1720] 000007fef904f6f0
Thread C:\Windows\system32\svchost.exe [1640:1796] 000007fef8fa35c0
Thread C:\Windows\system32\svchost.exe [1640:2088] 000007fef8fa5600
Thread C:\Windows\system32\svchost.exe [1640:2248] 000007fef7d62940
Thread C:\Windows\system32\svchost.exe [1640:1580] 000007fef5fe2888
Thread C:\Windows\system32\svchost.exe [1640:3152] 000007fef5fe2a40
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D6E7A11E-10B3-454B-9428-59F50A8C576D}?\Device\{480FAF29-EC28-4465-978D-F35ABAE76BD6}?\Device\{C6B682AA-667C-4516-A914-A72467CE1AEE}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D6E7A11E-10B3-454B-9428-59F50A8C576D}"?"{480FAF29-EC28-4465-978D-F35ABAE76BD6}"?"{C6B682AA-667C-4516-A914-A72467CE1AEE}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D6E7A11E-10B3-454B-9428-59F50A8C576D}?\Device\TCPIP6TUNNEL_{480FAF29-EC28-4465-978D-F35ABAE76BD6}?\Device\TCPIP6TUNNEL_{C6B682AA-667C-4516-A914-A72467CE1AEE}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\6To4\{480FAF29-EC28-4465-978D-F35ABAE76BD6}@InterfaceName Reusable Microsoft 6To4 Adapter
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\6To4\{480FAF29-EC28-4465-978D-F35ABAE76BD6}@ReusableType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{951B2EFC-ED40-4F8D-8035-401191A317E5}@InterfaceName Reusable ISATAP Interface {951B2EFC-ED40-4F8D-8035-401191A317E5}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{951B2EFC-ED40-4F8D-8035-401191A317E5}@ReusableType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 4499
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2999
---- Files - GMER 2.1 ----
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V22YE2E9\background_gradient[1] 0 bytes
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V22YE2E9\down[2] 0 bytes
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V22YE2E9\ErrorPageTemplate[1] 2168 bytes
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V22YE2E9\httpErrorPagesScripts[2] 0 bytes
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V22YE2E9\info_48[1] 0 bytes
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS1ZCSU1\bullet[1] 0 bytes
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS1ZCSU1\dnserrordiagoff_webOC[1] 6884 bytes
File C:\Users\Tomasz Ostrowski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS1ZCSU1\errorPageStrings[1] 0 bytes
---- EOF - GMER 2.1 ----
Extras
- Kod: Zaznacz wszystko
OTL Extras logfile created on: 2013-09-24 18:26:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomasz Ostrowski\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,98 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 42,18% Memory free
7,96 Gb Paging File | 5,26 Gb Available in Paging File | 66,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 404,57 Gb Free Space | 86,88% Space Free | Partition Type: NTFS
Drive D: | 232,89 Gb Total Space | 229,60 Gb Free Space | 98,59% Space Free | Partition Type: NTFS
Computer Name: TOMASZOSTROWSKI | User Name: Tomasz Ostrowski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C5E5B4A8-8575-4995-A6F5-399D22709719}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F873C9F-011F-4B72-B827-6998D912C0ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{13AD534A-5632-49F3-9C08-C54C40AAE390}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1B3CCB1E-891A-4407-BF51-0163FFC8524C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{295E839B-90A1-4BAF-B256-0313F1A476D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{674CF111-7CE4-4C88-95E4-820ECD39420F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6C741CD4-1050-4C4B-828F-DEC64B9DC2C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6CB9DE21-081E-4B75-A30E-FCDBFFB43FDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{730DFD12-5CBC-4BD5-9D4C-7CDE6F965077}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78FD06A8-41F6-4423-A4F1-AFE44429FD9A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{93551B65-C2CB-44AE-952E-3C6F958778F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{AAE36B50-DD17-4CB8-9453-CFE595E37C56}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B1DA2E0A-CC09-4C4E-8170-696F5951511B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BA72EF39-FBFC-4928-98DD-1493B4633EFC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DB4E0748-A371-4224-ABD9-D2C0292D4086}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E89DDA24-B5EC-40E8-A99F-7D7CB0E46E8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E979CF2D-5BBE-4627-A4A3-87FA1E72AAAD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EA1A7C3C-15FC-4E41-B7A2-17FF5945CF08}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EF4EDA07-4414-4F79-919C-DC718BD6DA04}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F3C647E1-45FA-4A6B-B36E-CCA9A6F77C68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{F4220D78-C056-41F3-95F5-6B278EA2C4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F7208FC8-EF40-4C3B-B838-85216E4BB606}" = dir=in | app=%programfiles% (x86)\driver-soft\drivergenius\drivergenius.exe |
"TCP Query User{144C610D-3738-46F0-B702-F036B9B61647}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{35C3869F-875A-4389-A76F-91369DFDBD7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{408B0A75-7EB7-4211-8770-53B29BBD856E}C:\users\tomasz ostrowski\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tomasz ostrowski\appdata\roaming\spotify\spotify.exe |
"TCP Query User{632DE681-38E2-4E46-965B-45CA54C5FA57}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"TCP Query User{C304CF85-91DD-4253-93B9-9A411757C292}C:\program files (x86)\championship manager 01-02\cm0102.exe" = protocol=6 | dir=in | app=c:\program files (x86)\championship manager 01-02\cm0102.exe |
"UDP Query User{4B0A2B74-05B2-4B72-90CA-F14CE9320F3F}C:\program files (x86)\championship manager 01-02\cm0102.exe" = protocol=17 | dir=in | app=c:\program files (x86)\championship manager 01-02\cm0102.exe |
"UDP Query User{7EBB8548-F50A-4FCE-B72C-54B4E7A0D6FD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{AEB647BC-2564-433D-BC99-698E65F03FBB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B9CC536A-B0E4-43F7-B3CF-778BB74FB877}C:\users\tomasz ostrowski\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tomasz ostrowski\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C01E3236-D7CB-41A9-9165-9F519BE6C824}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{2dc86c5c-2516-4f7c-b6e3-3abe822255c0}.sdb" = cm0102
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{4905245D-56E7-4176-BE68-962728B803D6}" = ROCCAT Kone Pure Mouse Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AkashaNET" = AkashaNET 1.27
"Championship Manager 01-02" = Championship Manager 01-02
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Driver Genius_is1" = Driver Genius
"Flvto Youtube Downloader" = Flvto Youtube Downloader
"foobar2000" = foobar2000 v1.1.15
"Fraps" = Fraps (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.4.0 (Basic)
"League of Legends 3.0.1" = League of Legends
"LOLReplay" = LOLReplay
"Mirillis Action!" = Action!
"Mozilla Firefox 20.0.1 (x86 pl)" = Mozilla Firefox 20.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Open Broadcaster Software" = Open Broadcaster Software
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Cm3 EEC Hacker v1.4
"Steam App 219740" = Don't Starve
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.20 (32-bit)
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-433052973-2909053011-686389523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2013-06-17 12:50:57 | Computer Name = TomaszOstrowski | Source = .NET Runtime | ID = 1026
Description =
Error - 2013-06-17 12:50:58 | Computer Name = TomaszOstrowski | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.2.2.0, sygnatura
czasowa: 0x4e32f719 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002b69f6 Identyfikator
procesu powodującego błąd: 0x620 Godzina uruchomienia aplikacji powodującej błąd:
0x01ce6b7acce16382 Ścieżka aplikacji powodującej błąd: C:\WINDOWS\AutoKMS\AutoKMS.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: 1521da20-d76e-11e2-8135-002522bd7362
Error - 2013-06-17 14:59:45 | Computer Name = TomaszOstrowski | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2013-06-17 15:14:24 | Computer Name = TomaszOstrowski | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2013-06-18 07:42:44 | Computer Name = TomaszOstrowski | Source = .NET Runtime | ID = 1026
Description =
Error - 2013-06-18 07:42:46 | Computer Name = TomaszOstrowski | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.2.2.0, sygnatura
czasowa: 0x4e32f719 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002069f6 Identyfikator
procesu powodującego błąd: 0x638 Godzina uruchomienia aplikacji powodującej błąd:
0x01ce6c18e9a21863 Ścieżka aplikacji powodującej błąd: C:\WINDOWS\AutoKMS\AutoKMS.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: 317415b2-d80c-11e2-8ef3-002522bd7362
Error - 2013-06-18 09:06:18 | Computer Name = TomaszOstrowski | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2013-06-18 10:19:33 | Computer Name = TomaszOstrowski | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2013-06-18 10:40:00 | Computer Name = TomaszOstrowski | Source = .NET Runtime | ID = 1026
Description =
Error - 2013-06-18 10:40:01 | Computer Name = TomaszOstrowski | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.2.2.0, sygnatura
czasowa: 0x4e32f719 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002e69f6 Identyfikator
procesu powodującego błąd: 0x66c Godzina uruchomienia aplikacji powodującej błąd:
0x01ce6c31a9bf53ef Ścieżka aplikacji powodującej błąd: C:\WINDOWS\AutoKMS\AutoKMS.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: f46539eb-d824-11e2-8ec4-002522bd7362
[ System Events ]
Error - 2013-09-19 05:16:57 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-20 05:14:57 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-21 06:39:12 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-22 06:00:37 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-22 13:59:46 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-22 16:23:09 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-23 05:21:30 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-23 15:14:39 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-23 15:42:00 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2013-09-24 05:38:22 | Computer Name = TomaszOstrowski | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
< End of report >
OTL
- Kod: Zaznacz wszystko
OTL logfile created on: 2013-09-24 18:26:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomasz Ostrowski\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,98 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 42,18% Memory free
7,96 Gb Paging File | 5,26 Gb Available in Paging File | 66,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 404,57 Gb Free Space | 86,88% Space Free | Partition Type: NTFS
Drive D: | 232,89 Gb Total Space | 229,60 Gb Free Space | 98,59% Space Free | Partition Type: NTFS
Computer Name: TOMASZOSTROWSKI | User Name: Tomasz Ostrowski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-09-24 18:24:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tomasz Ostrowski\Downloads\OTL.exe
PRC - [2013-09-24 17:57:55 | 000,377,856 | ---- | M] () -- C:\Users\Tomasz Ostrowski\Downloads\y13pe2wg.exe
PRC - [2013-01-30 18:50:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-01-23 23:57:38 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-12-31 15:48:19 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2012-12-31 15:48:19 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2012-12-18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-30 12:07:08 | 000,569,040 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
PRC - [2012-09-14 13:14:54 | 001,771,008 | ---- | M] (Peter Pawlowski) -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2009-02-16 00:04:10 | 000,964,608 | ---- | M] (QuestPRO Software) -- C:\Program Files (x86)\AkashaNET\KDLink32.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-09-24 17:57:55 | 000,377,856 | ---- | M] () -- C:\Users\Tomasz Ostrowski\Downloads\y13pe2wg.exe
MOD - [2013-09-17 05:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Tomasz Ostrowski\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
MOD - [2013-09-17 05:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Tomasz Ostrowski\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013-09-17 05:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Tomasz Ostrowski\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013-09-17 05:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Tomasz Ostrowski\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013-09-17 05:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Tomasz Ostrowski\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013-04-04 01:09:40 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2012-09-14 13:13:42 | 000,298,496 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
MOD - [2012-09-14 13:13:32 | 001,632,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2012-09-14 13:13:32 | 000,359,936 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2012-09-14 13:13:28 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2012-09-14 13:13:10 | 000,915,968 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2012-09-14 13:13:08 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2012-09-14 13:12:50 | 000,287,744 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2012-09-14 13:12:44 | 000,491,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2012-09-14 13:12:08 | 000,173,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
MOD - [2012-09-14 13:12:06 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
MOD - [2012-09-14 13:11:24 | 000,150,016 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2012-06-23 15:54:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll
MOD - [2010-04-21 14:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2007-03-26 17:37:48 | 000,177,664 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_winamp_spam.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2013-06-20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2013-06-20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2013-03-29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2012-12-10 15:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2012-12-10 15:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-09-20 15:18:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-23 00:00:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-30 18:50:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-01-23 23:57:38 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-12-31 15:48:19 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012-12-18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013-06-18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2013-03-29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013-03-29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013-03-04 09:42:06 | 000,127,568 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2013-02-14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013-01-23 23:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012-11-08 13:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:[b]64bit:[/b] - [2012-11-08 13:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:[b]64bit:[/b] - [2012-10-03 00:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2012-09-17 20:53:18 | 000,049,560 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:[b]64bit:[/b] - [2012-09-13 07:13:42 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-06-05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-12-30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009-12-21 22:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:[b]64bit:[/b] - [2009-11-24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009-11-24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2009-06-17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-433052973-2909053011-686389523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-433052973-2909053011-686389523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=30FF002522BD7362&affID=119982&tsp=5004
IE - HKU\S-1-5-21-433052973-2909053011-686389523-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-433052973-2909053011-686389523-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-433052973-2909053011-686389523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.backup.ftp: "85.239.7.180"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "85.239.7.180"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "85.239.7.180"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "107.6.95.50"
FF - prefs.js..network.proxy.ftp_port: 6588
FF - prefs.js..network.proxy.http: "107.6.95.50"
FF - prefs.js..network.proxy.http_port: 6588
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "107.6.95.50"
FF - prefs.js..network.proxy.socks_port: 6588
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "107.6.95.50"
FF - prefs.js..network.proxy.ssl_port: 6588
FF - prefs.js..network.proxy.type: 0
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tomasz Ostrowski\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tomasz Ostrowski\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-06-23 00:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2013-02-14 00:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomasz Ostrowski\AppData\Roaming\mozilla\Extensions
[2013-09-13 13:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomasz Ostrowski\AppData\Roaming\mozilla\Firefox\Profiles\454nzedc.default\extensions
[2013-09-13 13:19:14 | 000,000,000 | ---D | M] (Web Layers) -- C:\Users\Tomasz Ostrowski\AppData\Roaming\mozilla\Firefox\Profiles\454nzedc.default\extensions\firefox@weblayers.co
[2013-07-08 20:33:42 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Tomasz Ostrowski\AppData\Roaming\mozilla\Firefox\Profiles\454nzedc.default\extensions\foxyproxy@eric.h.jung
[2013-06-23 00:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-06-23 00:00:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-06-23 00:00:05 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-06-23 00:00:05 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-06-23 00:00:05 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-06-23 00:00:05 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-06-23 00:00:05 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-06-23 00:00:05 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2013-09-13 13:47:31 | 000,450,636 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RoccatKonePure] C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACE98FF7-09B2-441D-8755-B031AE8CE237}: NameServer = 178.212.120.5 208.67.222.222
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-09-19 13:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013-09-19 13:58:47 | 000,000,000 | ---D | C] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Notepad++
[2013-09-19 13:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013-09-13 14:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013-09-13 14:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013-09-13 13:34:31 | 000,000,000 | ---D | C] -- C:\Users\Tomasz Ostrowski\AppData\Local\VS Revo Group
[2013-09-13 13:34:27 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013-09-13 13:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013-09-13 13:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013-09-13 13:19:14 | 000,000,000 | ---D | C] -- C:\Users\Tomasz Ostrowski\AppData\Local\avgchrome
[2013-09-11 12:18:10 | 000,000,000 | R--D | C] -- C:\Users\Tomasz Ostrowski\Videos
[2013-09-11 12:18:10 | 000,000,000 | R--D | C] -- C:\Users\Tomasz Ostrowski\Pictures
[2013-09-11 12:12:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-09-11 12:12:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-09-11 12:12:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-09-11 12:12:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-09-11 12:12:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-09-11 12:12:11 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-09-11 12:12:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-09-11 12:12:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-09-11 12:12:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-09-11 12:12:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-09-11 12:12:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-09-11 12:12:09 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-09-11 12:12:09 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-09-11 12:12:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-09-11 12:12:08 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-09-11 11:29:17 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013-09-11 11:29:15 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-09-11 11:29:14 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-09-11 11:29:14 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-09-11 11:29:14 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-09-11 11:29:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-09-11 11:29:14 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-09-11 11:29:13 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-09-11 11:29:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-09-11 11:29:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-09-11 11:29:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-09-11 11:29:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013-09-11 11:29:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013-09-11 11:29:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-09-11 11:29:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-09-11 11:29:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-09-11 11:29:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 11:29:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 11:29:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 11:29:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-09-11 11:29:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 11:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 11:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 11:29:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-09-11 11:29:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-09-11 11:29:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013-09-11 11:29:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013-09-11 11:29:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 11:29:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 11:29:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 11:29:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 11:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 11:29:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-09-11 11:29:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013-09-06 20:03:41 | 000,000,000 | R--D | C] -- C:\Users\Tomasz Ostrowski\Music
[2013-09-06 20:02:20 | 000,000,000 | ---D | C] -- C:\Users\Tomasz Ostrowski\AppData\Local\Spotify
[2013-09-06 20:02:14 | 000,000,000 | ---D | C] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Spotify
[2013-09-04 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fraps
[2013-08-27 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\OBS
[2013-08-27 16:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-09-24 18:18:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-09-24 18:04:04 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-433052973-2909053011-686389523-1000UA.job
[2013-09-24 17:55:34 | 000,000,242 | ---- | M] () -- C:\Users\Tomasz Ostrowski\AppData\Local\poetsch.bat
[2013-09-24 14:31:04 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-09-24 14:31:04 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-09-24 14:29:22 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-09-24 13:06:01 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-24 13:06:01 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-24 13:01:08 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-09-24 11:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-24 11:38:05 | 3206,762,496 | -HS- | M] () -- C:\hiberfil.sys
[2013-09-23 22:04:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-433052973-2909053011-686389523-1000Core.job
[2013-09-20 15:18:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-09-20 15:18:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-09-20 12:06:32 | 000,002,381 | ---- | M] () -- C:\Users\Tomasz Ostrowski\Desktop\Google Chrome.lnk
[2013-09-20 11:14:43 | 004,981,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-09-19 15:04:44 | 000,000,132 | ---- | M] () -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2013-09-13 13:47:31 | 000,450,636 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-09-06 20:02:20 | 000,001,822 | ---- | M] () -- C:\Users\Tomasz Ostrowski\Desktop\Spotify.lnk
[2013-09-04 22:04:45 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013-09-04 20:43:31 | 001,549,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-09-04 20:43:31 | 000,697,896 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-09-04 20:43:31 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-09-04 20:43:31 | 000,135,006 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-09-04 20:43:31 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-08-27 16:10:37 | 000,000,935 | ---- | M] () -- C:\Users\Tomasz Ostrowski\Desktop\Open Broadcaster Software.lnk
[2013-08-27 13:45:20 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Action!.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-09-06 20:02:20 | 000,001,822 | ---- | C] () -- C:\Users\Tomasz Ostrowski\Desktop\Spotify.lnk
[2013-09-04 22:04:45 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013-08-27 16:10:37 | 000,000,935 | ---- | C] () -- C:\Users\Tomasz Ostrowski\Desktop\Open Broadcaster Software.lnk
[2013-07-03 23:59:03 | 000,000,242 | ---- | C] () -- C:\Users\Tomasz Ostrowski\AppData\Local\poetsch.bat
[2013-05-28 22:22:48 | 000,641,024 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
[2013-03-29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013-03-29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013-01-15 13:44:38 | 000,000,132 | ---- | C] () -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2012-12-31 15:48:50 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2012-12-31 15:48:50 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-11-07 23:06:10 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-10-31 23:28:41 | 002,577,776 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2012-10-17 21:16:26 | 000,000,218 | ---- | C] () -- C:\Users\Tomasz Ostrowski\.recently-used.xbel
[2012-10-01 20:25:14 | 000,007,607 | ---- | C] () -- C:\Users\Tomasz Ostrowski\AppData\Local\Resmon.ResmonCfg
[2012-10-01 16:49:01 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-10-01 16:49:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012-10-01 16:25:14 | 001,574,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-09-26 22:06:02 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-09-26 22:06:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-09-26 20:53:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-09-26 20:50:10 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012-07-28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-07-28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-06-19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013-02-15 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013-07-26 13:57:12 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\FlvtoConverter
[2013-09-24 18:26:53 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\foobar2000
[2013-07-04 15:46:04 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\LolClient
[2012-10-15 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Mirillis
[2013-08-15 16:02:24 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Mumble
[2013-09-19 13:59:05 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Notepad++
[2013-09-05 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\OBS
[2012-10-20 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Publish Providers
[2013-07-04 14:11:19 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Riot Games
[2013-08-12 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Sony
[2013-09-24 16:11:27 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\Spotify
[2013-09-24 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\TS3Client
[2013-09-22 22:26:54 | 000,000,000 | ---D | M] -- C:\Users\Tomasz Ostrowski\AppData\Roaming\uTorrent
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
