Konrad123 Posted 17 July 2012 (edited)

Hello. My computer has been locked by UKASH. I don't know what to do, but I know it can be unlocked somehow. I'm writing to you from Safe Mode. I have a big request: could someone write out step by step what I should do? I have no idea about any of this. LOGS. Thank you in advance. And I apologize for the previous THREAD. Regards, Konrad123.

Extras.Txt OTL.Txt

Edited 17 July 2012 by picasso

Please wait patiently. Your bumping will accomplish nothing. Threads are handled in the order they are created. //picasso
picasso Posted 17 July 2012

The system is also littered with a drastic amount of adware. Besides that, you ran some script for OTL. You must not take scripts from other threads; they do not fit any system other than the one the logs were made from. Logs differ: different systems, accounts, paths, dates, object names. In particular cases you can damage something!

1. Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}"
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}"
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&q={searchTerms}"
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = "http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4"
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\SearchScopes\{0E9049EE-1B55-4EF9-814E-093643E84921}: "URL" = "http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc="
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=1101316&mntrId=681054f8000000000000002682b4deb3"
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}"
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = "http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R83Z08Bs6&i=26"
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&q={searchTerms}"
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-2886629820-685136156-1796633609-1005..\Run: [Akamai NetSession Interface] "C:\Users\Gosia\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-2886629820-685136156-1796633609-1005..\Run: [WSManHTTPConfig] C:\Users\Gosia\AppData\Local\Microsoft\Windows\4312\WSManHTTPConfig.exe ()

:Files
C:\Users\Gosia\AppData\Local\Microsoft\Windows\4312
C:\Users\Gosia\AppData\Roaming\hellomoto
C:\Users\Gosia\AppData\Roaming\Optimizer Pro
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
C:\found.*
netsh advfirewall reset /C

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=-

:Commands
[emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run Fix. The system will be restarted (and unlocked), and a log with the removal results will open.

2. Through Control Panel, uninstall the adware: Babylon toolbar on IE, Complitly, Conduit Engine, Contextual Tool Advertzil1a, DAEMON Tools Toolbar, DealPly, Download Assistant, Facemoods Toolbar, FoxTab PDF Converter, free-downloads.net Toolbar, FreeSoundRecorder Toolbar, iLivid, Incredibar Toolbar on IE, Protector by IB 2.0.0.426, SFT_Polska Toolbar, ShopperReports, Softonic toolbar on IE and Chrome, SweetIM Toolbar for Internet Explorer 4.2, SweetIM for Messenger 3.6, TheBflix, Windows iLivid Toolbar

Also uninstall the unnecessary Akamai NetSession Interface.

3. Run AdwCleaner and use Delete. This will produce a log on drive C.

4. Generate a new OTL log using Run Scan (this time without Extras). Attach the OTL removal log from step 1 and the AdwCleaner log from step 3.
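Added example (not part of picasso's post and not OTL's own code): a Python sketch of the triage that precedes such a per-system fix script, parsing OTL `IE` SearchScopes and `O4` Run lines and flagging the ones worth reviewing. The first five sample lines are copied from the script above and the last two are constructed; the search-host allowlist and the three flagging rules are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Lines copied from the fix script in the post above.
PAGE_LINES = r'''
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKU\S-1-5-21-2886629820-685136156-1796633609-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&q={searchTerms}"
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-2886629820-685136156-1796633609-1005..\Run: [Akamai NetSession Interface] "C:\Users\Gosia\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-2886629820-685136156-1796633609-1005..\Run: [WSManHTTPConfig] C:\Users\Gosia\AppData\Local\Microsoft\Windows\4312\WSManHTTPConfig.exe ()
'''

# Constructed lines (not from the thread): entries that should pass unflagged.
CONSTRUCTED_LINES = r'''
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = "http://www.bing.com/search?q={searchTerms}"
O4 - HKLM..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" (Example Corp)
'''

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES

# Assumption: search providers this hypothetical site accepts.
ALLOWED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}
# Assumption: path fragments treated as user-writable autorun locations.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

SCOPE_RE = re.compile(
    r'^IE(?::64bit:)? - (?P<hive>\S+?)\\\.\.\\SearchScopes\\'
    r'(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = "(?P<url>[^"]*)"'
)
RUN_RE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$'
)
# Command target: either quoted, or unquoted up to a known executable extension.
PATH_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|bat|cmd|scr)))\s*(?P<tail>.*)$',
    re.IGNORECASE,
)


def autorun_reasons(rest):
    """Return the review reasons for the part of an O4 line after [name]."""
    m = PATH_RE.match(rest)
    if not m:
        return ["unparsed command line"]
    path = (m["q"] or m["u"]).lower()
    tail = m["tail"].strip()
    reasons = []
    if "file not found" in tail.lower():
        reasons.append("target missing (orphaned entry)")
    if any(fragment in path for fragment in USER_WRITABLE):
        reasons.append("runs from user-writable profile path")
    if tail == "()":  # OTL prints the company name in parentheses
        reasons.append("no company name in file metadata")
    return reasons


def triage(log_text, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return (kind, identifier, reasons) for each log line that needs review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SCOPE_RE.match(line)
        if m:
            host = (urlparse(m["url"]).hostname or "").lower()
            if host not in allowed_hosts:
                findings.append(
                    ("searchscope", m["guid"],
                     [f"search provider host '{host}' is not on the allowlist"])
                )
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = autorun_reasons(m["rest"])
            if reasons:
                findings.append(("autorun", m["name"], reasons))
    return findings


if __name__ == "__main__":
    for kind, ident, reasons in triage(SAMPLE_LOG):
        print(f"{kind:12} {ident}: {'; '.join(reasons)}")
```

The output is a review list, not a fix script: each flagged entry still has to be checked against the machine it came from before anything is deleted.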
Konrad123 (Author) Posted 17 July 2012

AdwCleaner. I can't attach the file.

OTL:
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files 
(x86)\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SHCN_plPL419 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gosia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gosia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\PROTECTOR BY IB\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012-07-17 11:49:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-25 14:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Extensions [2012-04-27 15:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (internetspooler) - {0f7c6770-8f2f-1a7e-818c-204e7cbea831} - C:\Windows\SysWOW64\83c9c5a1.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found O2 - BHO: (SFT_Polska Toolbar) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - !{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) 
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4 - HKLM..\Run: [aswSdWiz] C:\Program Files\Alwil Software\Avast4\aswSdWiz.exe (ALWIL Software) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\aswDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [ares] "C:\Users\Gosia\Desktop\Samek\Ares\Ares.exe" -h File not found O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Users\Gosia\Desktop\Samek\MC\STAR WARS\SW\DAEMON Tools Lite\daemon.exe" -autorun File not found O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GG] C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - Startup: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... 
- C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D661CCA9-3EB2-4479-BEF6-1FCBDEDD003F}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6A32E99-B391-4CFB-A5D2-D15A65653437}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Security Packages - (msoidssp) - C:\windows\SysNative\msoidssp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (msoidssp) - C:\windows\SysWow64\msoidssp.dll (Microsoft Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6d69742d-9091-11e1-8dfb-bf09baff8133}\Shell - "" = AutoRun O33 - MountPoints2\{6d69742d-9091-11e1-8dfb-bf09baff8133}\Shell\AutoRun\command - "" = H:\LaunchEAWG.exe O33 - MountPoints2\{8dc23c8a-2491-11e1-a82c-917fbbe0fa36}\Shell - "" = AutoRun O33 - MountPoints2\{8dc23c8a-2491-11e1-a82c-917fbbe0fa36}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-07-17 12:14:07 | 000,000,000 | ---D | C] -- C:\_OTL [2012-07-17 12:13:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe [2012-07-15 20:03:45 | 000,000,000 | ---D | C] -- C:\Users\Gosia\Desktop\MAFIA II [2012-07-15 20:03:31 | 000,000,000 | ---D | C] -- C:\Users\Gosia\Desktop\Nowy folder [2012-07-12 09:31:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012-07-12 09:31:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012-07-12 09:31:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012-07-12 09:31:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012-07-12 09:31:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012-07-12 09:31:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\ieui.dll [2012-07-12 09:31:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012-07-12 09:31:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012-07-12 09:31:30 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012-07-12 09:31:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012-07-12 09:31:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012-07-12 09:31:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012-07-12 09:31:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012-07-11 10:29:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2012-07-10 14:47:53 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Local\ESL Wire Game Client [2012-07-10 14:47:40 | 000,147,472 | ---- | C] (<Turtle Entertainment>) -- C:\windows\SysNative\drivers\ESLWireACD.sys [2012-07-10 14:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire [2012-07-10 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire [2012-07-10 14:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire [2012-07-10 09:00:31 | 000,000,000 | ---D | C] -- C:\Users\Gosia\Documents\Need for Speed World [2012-07-07 22:48:23 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Roaming\wargaming.net [2012-07-07 22:45:18 | 000,000,000 | ---D | C] -- C:\Users\Gosia\Desktop\WoT [2012-07-06 19:07:06 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Local\SniperV2 Demo [2012-07-04 00:35:07 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Local\PunkBuster [2012-07-03 22:53:51 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32 [2012-07-01 22:02:52 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Local\fontconfig [2012-07-01 22:02:45 | 
000,000,000 | ---D | C] -- C:\Users\Gosia\.gimp-2.8 [2012-07-01 22:02:44 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Local\gegl-0.2 [2012-07-01 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012-06-30 19:05:24 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Roaming\Registry Mechanic [2012-06-30 10:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic [2012-06-30 10:15:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox210.ocx [2012-06-30 10:15:37 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox10.ocx [2012-06-30 10:15:37 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCT2.OCX [2012-06-30 10:15:37 | 000,512,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml.dll [2012-06-30 10:15:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBoxVB12.ocx [2012-06-30 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012-06-30 10:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Registry Mechanic [2012-06-30 09:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [2012-06-30 07:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012-06-30 07:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012-06-29 22:53:37 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Roaming\OverloadX V2.1 [2012-06-28 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Roaming\OverloadX V5.1 [2012-06-27 20:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012-06-27 20:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012-06-27 20:06:50 | 000,000,000 
picasso (posted 17 July 2012)

Konrad123, please post logs using the attachment system.

The tasks were carried out, but some corrections are still required:

1. You did not uninstall the SFT_Polska Toolbar, and I also overlooked the removal of Internet Spooling Service. Carry out both uninstallations.

2. Open Notepad and paste into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

From the Notepad menu > File > Save As > set the file type to All Files > save as FIX.REG

Right-click the file, choose Merge from the menu and confirm the import into the registry.

3. Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)

:Files
C:\Program Files (x86)\Optimizer Pro
C:\prefs.js

:Commands
[emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run Fix. As before: the system will restart and a log with the removal results will open.

4. Generate a new OTL log with the Run Scan option (without Extras).
Konrad123 (author, posted 17 July 2012)

Done. The Control Panel does not find this toolbar: SFT_Polska Toolbar. This one I removed: Internet Spooling Service. I made the FIX.REG file. Is that everything?

\\Sorry, but I cannot add attachments.\\

Here is the info from OTL:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe moved successfully.
========== FILES ==========
C:\Program Files (x86)\Optimizer Pro folder moved successfully.
C:\prefs.js moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gosia
->Temp folder emptied: 14084178 bytes
->Temporary Internet Files folder emptied: 65932 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1596 bytes

User: Public

User: SZEF

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524288 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14,00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07182012_001937

Files\Folders moved on Reboot...
C:\Users\Gosia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\windows\temp\TMP000000C5EE9D099CB7F4CD20 not found!

PendingFileRenameOperations files...
File C:\Users\Gosia\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\windows\temp\TMP000000C5EE9D099CB7F4CD20 not found!

Registry entries deleted on Reboot...
picasso (posted 18 July 2012, edited)

You forgot to add the new OTL log from the Run Scan option. As an attachment.

\\Sorry, but I cannot add attachments.\\

The removal log would not attach because attachments support only the *.TXT extension, and this one is *.LOG. For the future: renaming the file is enough.

Edited 18 August 2012 by picasso

18.08.2012 - The topic is closed due to lack of reply. //picasso
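An added example, not part of the original thread and not OTL's own code: a small Python check that compares the targets named in a fix script with the lines of the result log, keyed by registry view because the script in this thread lists each toolbar value twice (O3:64bit and O3). The script and log below are constructed in the thread's format; the constructed-missing.tmp path and the omitted non-64bit toolbar line are assumptions made to show the "not found" and "unconfirmed" outcomes.

```python
import re

# Constructed sample in the thread's format; the last :Files path is made up.
SCRIPT = r"""
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
:Files
C:\Program Files (x86)\Optimizer Pro
C:\prefs.js
C:\Users\Example\constructed-missing.tmp
:Commands
[emptytemp]
"""
# Constructed result log: the non-64bit toolbar line is left out on purpose.
LOG = r"""
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe moved successfully.
C:\Program Files (x86)\Optimizer Pro folder moved successfully.
C:\prefs.js moved successfully.
File\Folder C:\Users\Example\constructed-missing.tmp not found!
"""

# The log separates key path and value name with a double backslash.
REG_RE = re.compile(r"^(64bit-)?Registry value .+?\\\\(.+) deleted successfully\.$")
MOVED_RE = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
MISSING_RE = re.compile(r"^File(?:\\Folder)? (.+) not found!$")

def parse_script(text):
    """Return the (kind, view, name) targets the fix script asks to be removed."""
    targets, section = set(), None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl":
            view = "64bit" if re.match(r"O\d+:64bit:", line) else "default"
            m = re.search(r"(!\{[0-9A-Fa-f-]{36}\})|\\Run: \[([^\]]+)\]", line)
            if m:
                targets.add(("reg", view, (m.group(1) or m.group(2)).lower()))
        elif section == ":files":
            targets.add(("file", "", line.lower()))
    return targets

def parse_log(text):
    """Split result-log lines into confirmed removals and items reported missing."""
    done, missing = set(), set()
    for line in (l.strip() for l in text.splitlines()):
        if m := REG_RE.match(line):
            done.add(("reg", "64bit" if m.group(1) else "default", m.group(2).lower()))
        elif m := MOVED_RE.match(line):
            done.add(("file", "", m.group(1).lower()))
        elif m := MISSING_RE.match(line):
            missing.add(("file", "", m.group(1).lower()))
    return done, missing

def audit(script, log):
    """Map every requested target to 'removed', 'not found' or 'unconfirmed'."""
    done, missing = parse_log(log)
    return {t: "removed" if t in done else "not found" if t in missing else "unconfirmed"
            for t in parse_script(script)}

if __name__ == "__main__":
    for target, status in sorted(audit(SCRIPT, LOG).items()):
        print(f"{status:12} {target}")
```

An "unconfirmed" entry means the log contains no line for that target in that registry view, which is the case a reader skimming a long result log is most likely to miss.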