Wirus wysyłanie wiadomości na facebook'u i skype

przez **Thetor67** » 22 Kwi 2013, 20:04

Hej, otóż mam problem, w menedżerze zadań robi się dużo "wirusowych" procesów, które moim zdaniem wysyłają wiadomości na facebook'u o jakimś zdjęciu.
Log z OTL -

Kod: Zaznacz wszystko: OTL logfile created on: 2013-04-22 19:59:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\1\Documents Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 59,48% Memory free 4,80 Gb Paging File | 3,78 Gb Available in Paging File | 78,69% Paging File free Paging file location(s): a:\pagefile.sys 2600 2700c:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140,94 Gb Total Space | 79,57 Gb Free Space | 56,45% Space Free | Partition Type: NTFS Computer Name: 1-KOMPUTER | User Name: 1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-04-22 19:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1\Documents\OTL.exe PRC - [2013-04-06 12:40:38 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2013-03-13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe PRC - [2013-02-27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe PRC - [2013-02-26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe PRC - [2013-02-19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe PRC - [2013-02-19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe PRC - [2013-02-18 20:45:06 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe PRC - [2013-01-15 19:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe PRC - [2012-12-10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012-12-10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2012-07-02 16:15:14 | 000,380,328 | ---- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- A:\Programy\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-12-18 21:48:04 | 000,295,936 | ---- | M] (Mz Ultimate Tools) -- C:\Program Files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe PRC - [2003-02-21 12:46:58 | 000,191,488 | ---- | M] () -- A:\Gry PC\gamma adjuster\GammaAdjuster.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-03-17 14:09:45 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013-01-15 19:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll MOD - [2013-01-08 21:29:41 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll MOD - [2013-01-07 18:57:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2013-01-07 18:56:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2013-01-07 18:56:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2013-01-07 18:56:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2013-01-07 18:56:02 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2013-01-07 18:55:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2011-09-19 09:07:38 | 000,058,368 | ---- | M] () -- C:\Windows\System32\bdmpega.acm MOD - [2011-02-04 16:36:39 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pl_b77a5c561934e089\System.resources.dll MOD - [2003-02-21 12:46:58 | 000,191,488 | ---- | M] () -- A:\Gry PC\gamma adjuster\GammaAdjuster.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-03-17 14:09:45 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-02-27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013-02-19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013-02-18 20:45:06 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2013-01-26 10:57:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-01-15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2012-12-10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012-09-05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012-08-25 16:26:35 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-08-03 15:32:42 | 000,397,848 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) SRV - [2012-08-01 16:50:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012-07-17 16:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant) SRV - [2012-07-02 16:15:14 | 000,380,328 | ---- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS) SRV - [2012-06-11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- A:\Programy\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010-12-28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [Disabled | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\mseow.sys -- (mseow) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\gmzioaj.sys -- (gmzioaj) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys -- (FairplayKD) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2013-03-01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013-02-26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013-02-18 20:45:06 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013-02-08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013-02-08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2013-02-08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013-02-08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013-02-08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2013-01-07 18:27:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013-01-07 18:27:51 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2013-01-07 18:27:51 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012-12-02 21:46:19 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2012-10-05 14:54:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2012-09-05 17:34:00 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-08-01 18:16:48 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2012-07-05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- A:\Programy\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter) DRV - [2012-07-05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- A:\Programy\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter) DRV - [2012-07-02 16:15:18 | 000,975,272 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) DRV - [2012-06-11 12:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012-01-05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- A:\Programy\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor) DRV - [2011-12-29 13:37:44 | 000,028,464 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2011-05-13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011-05-13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011-05-13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011-05-13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010-11-26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010-11-09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010-11-04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF) DRV - [2010-11-01 07:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010-03-16 10:58:38 | 000,014,400 | ---- | M] (SR Research Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ebinfiltr.sys -- (ebinfiltr) DRV - [2009-09-21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009-08-22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32) DRV - [2009-07-23 22:02:56 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008-12-26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) DRV - [2007-11-09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007-07-15 03:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088 IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms} IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={70B915DA-9864-441E-BADD-4054F6A5AE3C}&mid=c129b2926a484ecf849f2a0a57be5a4a-737d6be3d3d76da21980eded92fe6334dfb0c32a&lang=pl&ds=is015&pr=sa&d=2012-09-28 20:55:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.pah.org.pl/pajacyk/dziekujemy" FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.145.0 FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.14.100013 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_US&apn_uid=09DD9307-79BE-4CCD-BE0D-D1F909FCEC43&apn_ptnrs=^U3&apn_sauid=A3031538-0F14-41C7-B751-AA56DE6FB939&apn_dtid=^YYYYYY^YY^PL&&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\1\AppData\Local\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-18 20:45:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013-01-27 15:23:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-01-26 10:57:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-08-02 18:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\mozilla\Extensions [2013-02-03 09:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions [2012-09-24 19:13:01 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected] [2012-10-19 18:57:58 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected] [2013-01-14 19:33:23 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected] [2012-08-26 18:04:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected] [2013-02-03 10:01:47 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected] [2012-09-21 23:03:06 | 000,005,403 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\[email protected] [2013-01-27 16:59:17 | 000,242,487 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\[email protected] [2013-01-30 21:28:12 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\[email protected] [2013-02-01 15:42:42 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-14 19:33:22 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-01-15 20:24:20 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-03-17 22:21:42 | 000,002,575 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\askcom.xml [2012-08-26 18:03:40 | 000,003,915 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\sweetim.xml [2012-09-07 15:02:42 | 000,002,469 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\Web Search.xml [2013-01-26 10:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013-01-26 10:57:14 | 000,000,000 | ---D | M] ("BitAccelerator") -- C:\Program Files\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f} [2013-01-27 15:23:29 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF [2013-01-26 10:57:27 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-06-28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2013-01-05 17:46:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2013-02-18 20:45:31 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-08-11 14:04:57 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013-01-05 17:46:01 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2013-01-05 17:46:01 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2013-01-05 17:46:01 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-10-22 16:11:30 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml [2013-01-05 17:46:01 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2013-01-05 17:46:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: James White = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\ CHR - Extension: Battlefield Heroes = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\ CHR - Extension: Adblock Plus = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Tampermonkey = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124.188_0\ CHR - Extension: BitAccelerator = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngjfmklipimnkegmcilmbhchklgjgfl\1.1_0\ CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: James White = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\ CHR - Extension: Battlefield Heroes = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\ CHR - Extension: Adblock Plus = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Tampermonkey = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124.188_0\ CHR - Extension: BitAccelerator = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngjfmklipimnkegmcilmbhchklgjgfl\1.1_0\ CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ O1 HOSTS File: ([2012-11-04 12:49:05 | 000,000,888 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 65.52.240.48 O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [GammaAdjuster] A:\Gry PC\gamma adjuster\GammaAdjuster.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [bfcadfccsacfsfdsf] C:\ProgramData\bfcadfccsacfsfdsf.exe (ICQ, LLC.) O4 - HKCU..\Run: [Ceujmgywnzatxwwn.exe] C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe () O4 - HKCU..\Run: [MzRAMBooster] C:\Program Files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe (Mz Ultimate Tools) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\1\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D25B12F-707F-486E-A618-1E8FFA0178FC}: DhcpNameServer = 194.204.152.34 194.204.159.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O18 - Protocol\Handler\wlpg - No CLSID value found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\Windows\System32\ati2evxx.dll (ATI Technologies Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f874c611-f75b-11e1-a6fd-001636e517b0}\Shell - "" = AutoRun O33 - MountPoints2\{f874c611-f75b-11e1-a6fd-001636e517b0}\Shell\AutoRun\command - "" = E:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-04-22 19:34:55 | 000,000,000 | ---D | C] -- C:\_OTL [2013-04-22 19:33:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\1\Documents\OTL.exe [2013-04-22 16:14:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-04-22 16:12:21 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\AVG2013 [2013-04-22 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013-04-22 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\TuneUp Software [2013-04-22 16:08:56 | 000,000,000 | -H-D | C] -- C:\$AVG [2013-04-22 16:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013-04-22 16:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2013-04-22 16:07:16 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\MFAData [2013-04-22 16:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013-04-22 16:07:16 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Avg2013 [2013-04-22 15:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013-04-22 15:11:09 | 000,182,784 | ---- | C] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe [2013-04-20 22:42:13 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013-04-20 22:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013-04-20 22:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013-04-13 19:08:34 | 000,519,168 | ---- | C] (TroyaN) -- C:\Users\1\Desktop\Tak.exe [2013-04-09 20:43:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2013-04-09 20:42:41 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2013-04-09 20:42:41 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2013-04-09 20:42:40 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll [2013-04-09 20:42:40 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll [2013-04-09 20:42:40 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2013-04-09 20:42:40 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2013-04-09 20:42:40 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2013-04-09 20:42:40 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2013-04-09 20:42:40 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll [2013-04-09 20:42:40 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll [2013-04-09 20:42:39 | 002,417,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2013-04-09 20:42:39 | 001,497,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2013-04-09 20:42:39 | 000,645,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2013-04-09 20:42:39 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll [2013-04-09 20:42:39 | 000,192,104 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll [2013-04-09 20:42:39 | 000,087,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll [2013-04-09 20:42:39 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll [2013-04-09 20:42:39 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll [2013-04-09 20:42:39 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll [2013-04-09 20:42:38 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2013-04-09 20:42:38 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2013-04-09 20:42:38 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat [2013-04-09 20:42:38 | 003,173,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2013-04-09 20:42:38 | 001,185,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll [2013-04-09 20:42:38 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2013-04-09 20:42:38 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2013-04-09 20:42:38 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2013-04-09 20:42:38 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2013-04-09 20:42:38 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2013-04-09 20:42:38 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2013-04-09 20:42:38 | 000,105,824 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2013-04-09 20:42:38 | 000,091,488 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2013-04-09 20:42:38 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2013-04-09 20:42:38 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2013-04-09 20:42:38 | 000,061,792 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2013-04-09 20:42:37 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2013-04-09 20:42:37 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2013-04-09 20:42:37 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll [2013-04-09 20:42:37 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2013-04-09 20:42:37 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2013-04-09 20:42:37 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2013-04-09 20:42:35 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2013-04-09 20:42:35 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2013-04-09 20:42:35 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2013-04-09 20:42:35 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2013-04-09 20:42:35 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2013-04-09 20:42:35 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2013-04-09 20:42:35 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2013-04-09 20:42:35 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2013-04-09 20:42:35 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2013-04-09 20:42:35 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2013-04-09 20:42:35 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2013-04-09 20:42:35 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2013-04-09 20:42:35 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2013-04-09 20:42:35 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2013-04-09 20:42:35 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2013-04-09 20:42:35 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2013-04-09 20:42:35 | 000,176,736 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2013-04-09 20:42:35 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2013-04-02 15:35:56 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2013-04-02 15:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5 [2013-04-02 15:35:53 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5 [2013-03-27 13:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-04-22 20:03:41 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe [2013-04-22 20:03:39 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe [2013-04-22 19:52:28 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe [2013-04-22 19:44:24 | 000,021,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-04-22 19:44:24 | 000,021,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-04-22 19:42:17 | 000,661,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-04-22 19:42:17 | 000,125,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-04-22 19:42:17 | 000,026,954 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-04-22 19:42:17 | 000,012,646 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-04-22 19:36:01 | 003,702,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-04-22 19:35:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-04-22 19:35:33 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2013-04-22 19:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1\Documents\OTL.exe [2013-04-22 19:29:48 | 000,103,424 | ---- | M] () -- C:\Users\1\AppData\Roaming\42CE.exe [2013-04-22 19:26:24 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Vattlndlblsewagb.exe [2013-04-22 19:24:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isjwlfosmicqgbrq.exe [2013-04-22 19:09:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Wpdehzkkewqgochs.exe [2013-04-22 19:06:52 | 000,216,538 | ---- | M] () -- C:\Users\1\Desktop\krzysiubobr.jpg [2013-04-22 19:06:52 | 000,006,428 | ---- | M] () -- C:\Users\1\.recently-used.xbel [2013-04-22 17:23:54 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Knaimcwyyxunfcfk.exe [2013-04-22 16:38:18 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isynqidzpmpkcskv.exe [2013-04-22 16:09:58 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013-04-22 15:34:00 | 000,117,996 | ---- | M] () -- C:\Users\1\Desktop\kon-dom.jpg [2013-04-22 14:30:09 | 000,975,558 | ---- | M] () -- C:\Users\1\Desktop\gaddemjuson.jpg [2013-04-22 09:58:22 | 001,398,249 | ---- | M] () -- C:\Users\1\Desktop\2013-04-22 09.58.22.jpg [2013-04-22 09:08:14 | 001,045,118 | ---- | M] () -- C:\Users\1\Desktop\2013-04-22 09.08.15.jpg [2013-04-21 17:05:53 | 002,466,286 | ---- | M] () -- C:\Users\1\Desktop\nafejsa.jpg [2013-04-21 16:53:04 | 000,223,321 | ---- | M] () -- C:\Users\1\Desktop\avatarnaskajp.jpg [2013-04-21 16:26:39 | 001,644,157 | ---- | M] () -- C:\Users\1\Desktop\Bez nazwy.xcf [2013-04-21 13:20:27 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2013-04-20 13:13:52 | 000,000,213 | ---- | M] () -- C:\Users\1\Desktop\Left 4 Dead.url [2013-04-19 21:20:34 | 000,011,830 | ---- | M] () -- C:\Users\1\AppData\Local\recently-used.xbel [2013-04-14 12:18:59 | 000,006,662 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.ini [2013-04-14 08:56:30 | 000,006,662 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.bak [2013-04-14 08:27:49 | 000,006,662 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.bko [2013-04-13 19:08:16 | 000,519,168 | ---- | M] (TroyaN) -- C:\Users\1\Desktop\Tak.exe [2013-04-13 18:47:46 | 000,096,256 | ---- | M] () -- C:\Users\1\AppData\Roaming\chrtmp [2013-04-08 15:55:25 | 000,001,099 | ---- | M] () -- C:\Users\1\Desktop\GammaAdjuster — skrót.lnk [2013-04-08 15:52:49 | 000,006,685 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.bk! [2013-03-27 08:22:19 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3838626967-3587868773-1472854575-1000Core1ce2ab36f84c811.job [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-04-22 19:52:27 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe [2013-04-22 19:35:37 | 003,702,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013-04-22 19:29:48 | 000,103,424 | ---- | C] () -- C:\Users\1\AppData\Roaming\42CE.exe [2013-04-22 19:26:24 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Vattlndlblsewagb.exe [2013-04-22 19:24:00 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Isjwlfosmicqgbrq.exe [2013-04-22 19:08:59 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Wpdehzkkewqgochs.exe [2013-04-22 19:06:52 | 000,216,538 | ---- | C] () -- C:\Users\1\Desktop\krzysiubobr.jpg [2013-04-22 19:06:52 | 000,006,428 | ---- | C] () -- C:\Users\1\.recently-used.xbel [2013-04-22 17:23:54 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Knaimcwyyxunfcfk.exe [2013-04-22 16:38:18 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Isynqidzpmpkcskv.exe [2013-04-22 16:09:58 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013-04-22 15:34:00 | 000,117,996 | ---- | C] () -- C:\Users\1\Desktop\kon-dom.jpg [2013-04-22 14:30:08 | 000,975,558 | ---- | C] () -- C:\Users\1\Desktop\gaddemjuson.jpg [2013-04-22 09:58:23 | 001,398,249 | ---- | C] () -- C:\Users\1\Desktop\2013-04-22 09.58.22.jpg [2013-04-22 09:08:15 | 001,045,118 | ---- | C] () -- C:\Users\1\Desktop\2013-04-22 09.08.15.jpg [2013-04-21 17:05:52 | 002,466,286 | ---- | C] () -- C:\Users\1\Desktop\nafejsa.jpg [2013-04-21 16:26:39 | 001,644,157 | ---- | C] () -- C:\Users\1\Desktop\Bez nazwy.xcf [2013-04-21 13:34:33 | 000,223,321 | ---- | C] () -- C:\Users\1\Desktop\avatarnaskajp.jpg [2013-04-21 13:20:27 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2013-04-20 13:13:52 | 000,000,213 | ---- | C] () -- C:\Users\1\Desktop\Left 4 Dead.url [2013-04-19 21:20:34 | 000,011,830 | ---- | C] () -- C:\Users\1\AppData\Local\recently-used.xbel [2013-04-09 20:42:38 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2013-04-08 15:55:25 | 000,001,099 | ---- | C] () -- C:\Users\1\Desktop\GammaAdjuster — skrót.lnk [2013-03-27 08:22:19 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3838626967-3587868773-1472854575-1000Core1ce2ab36f84c811.job [2013-03-24 17:34:57 | 000,096,256 | ---- | C] () -- C:\Users\1\AppData\Roaming\chrtmp [2013-02-23 22:30:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2013-02-03 19:51:35 | 001,213,520 | ---- | C] () -- C:\Users\1\ts3_recording_13_02_03_18_51_34.wav [2013-02-03 19:50:56 | 002,284,880 | ---- | C] () -- C:\Users\1\ts3_recording_13_02_03_18_50_55.wav [2013-02-01 20:54:36 | 002,476,880 | ---- | C] () -- C:\Users\1\ts3_recording_13_02_01_19_54_32.wav [2013-01-21 17:03:06 | 001,099,056 | ---- | C] () -- C:\Users\1\ts3_recording_13_01_21_16_3_4.wav [2013-01-18 22:36:46 | 000,000,132 | ---- | C] () -- C:\Users\1\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2013-01-13 23:29:16 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2012-12-25 19:22:04 | 000,000,652 | ---- | C] () -- C:\Windows\eReg.dat [2012-12-19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012-12-04 17:53:14 | 000,552,233 | ---- | C] () -- C:\Users\1\Laboratory_Clinical_Art.wal [2012-11-14 21:01:54 | 000,000,158 | ---- | C] () -- C:\Users\1\.gtkrc-2.0 [2012-11-06 18:57:53 | 000,000,089 | ---- | C] () -- C:\Users\1\AppData\Local\fusioncache.dat [2012-11-06 16:39:51 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2012-11-06 15:53:30 | 001,426,411 | ---- | C] () -- C:\Users\1\AppData\Local\Tempmusic.ogg [2012-11-04 12:40:29 | 000,006,656 | ---- | C] () -- C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-11-02 12:54:53 | 000,000,025 | ---- | C] () -- C:\Users\1\AppData\Roaming\mta.ini.ini [2012-10-28 21:21:14 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2012-10-16 18:49:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012-10-16 18:23:16 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin [2012-10-11 14:36:24 | 000,001,654 | ---- | C] () -- C:\Users\1\AppData\Roaming\SvcTraceViewer.exe.settings [2012-10-07 15:16:10 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012-09-28 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\tmb1-v32.dll [2012-09-24 19:44:18 | 000,138,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012-09-24 19:44:18 | 000,138,904 | ---- | C] () -- C:\Users\1\AppData\Roaming\PnkBstrK.sys [2012-09-24 19:43:46 | 000,281,872 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012-09-24 19:43:43 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012-09-24 16:08:59 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-09-10 15:03:22 | 000,071,040 | ---- | C] () -- C:\Windows\System32\deformerdll.dll [2012-09-10 15:02:56 | 000,192,512 | ---- | C] () -- C:\Windows\System32\binkw32.dll [2012-09-10 15:01:57 | 000,389,632 | ---- | C] () -- C:\Windows\System32\granny2.dll [2012-09-04 16:18:42 | 000,003,153 | ---- | C] () -- C:\Program Files\visit-nosteam-forum.html [2012-09-04 16:18:42 | 000,000,077 | ---- | C] () -- C:\Program Files\update-l4d.bat [2012-09-02 18:09:06 | 000,045,270 | ---- | C] () -- C:\Users\1\AppData\Roaming\room_v3.dat [2012-08-31 09:08:23 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2012-08-24 07:20:01 | 000,006,685 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.bk! [2012-08-24 07:19:11 | 000,006,662 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.bko [2012-08-23 22:17:53 | 000,006,662 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.bak [2012-08-23 20:50:05 | 000,006,662 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.ini [2012-08-23 20:25:18 | 000,007,607 | ---- | C] () -- C:\Users\1\AppData\Local\Resmon.ResmonCfg [2012-08-22 09:29:09 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2012-08-12 15:37:52 | 000,081,938 | ---- | C] () -- C:\Users\1\AppData\Roaming\.mineshaftersquaredminecraft.jar [2012-08-12 15:37:52 | 000,076,964 | ---- | C] () -- C:\Users\1\AppData\Roaming\.mineshaftersquaredminecraft_modified.jar [2012-08-10 21:52:15 | 000,001,126 | ---- | C] () -- C:\Program Files\Camtasia Studio 8.lnk [2012-08-09 15:57:15 | 000,000,163 | ---- | C] () -- C:\Windows\AutoScreenRecorder.INI [2012-07-12 16:25:22 | 000,639,488 | ---- | C] () -- C:\Windows\System32\ficvdec_x86.dll [2011-09-19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2011-09-19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2003-04-09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\1\AppData\Roaming\MafiaSetup.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >

przez **Thetor67** » 22 Kwi 2013, 20:11

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2013-04-22 19:59:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\1\Documents Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 59,48% Memory free 4,80 Gb Paging File | 3,78 Gb Available in Paging File | 78,69% Paging File free Paging file location(s): a:\pagefile.sys 2600 2700c:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140,94 Gb Total Space | 79,57 Gb Free Space | 56,45% Space Free | Partition Type: NTFS Computer Name: 1-KOMPUTER | User Name: 1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic) Directory [Bridge] -- A:\Programy\Adobe Photoshop\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18EEDE9A-84E8-4100-BD8E-59B565A8220E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1D5256E5-A532-4678-92A2-62EA668F0A19}" = lport=16276 | protocol=6 | dir=in | name=bitcomet 16276 tcp | "{44560B93-41E8-4A20-B3BA-45827E739BAA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7B37C7F3-A348-42FA-8191-5CD8DF3A150A}" = lport=16276 | protocol=17 | dir=in | name=bitcomet 16276 udp | "{9D452915-CAAC-4E26-8EC2-7D1A8D7E63C0}" = lport=7767 | protocol=17 | dir=in | name=bitcomet 7767 udp | "{EEC7EAB0-9755-4368-BE73-A7D81DFDD370}" = lport=7767 | protocol=6 | dir=in | name=bitcomet 7767 tcp | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FD7F2A-BF00-4919-B059-04A8B2A4AF35}" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | "{04EFFDD9-46C9-4E8F-B2A8-8B3C6A4C3DE2}" = protocol=6 | dir=in | app=c:\program files\littlefighter\lf2.exe | "{07D7C475-DE58-4E1B-B231-DFEE24E44B40}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{083F958C-C374-4279-AA88-E95CCF71CF21}" = protocol=58 | dir=out | [email protected],-503 | "{10AF226B-715A-4493-8BC5-C65B3753D16F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{1258F21C-A4A2-4926-A7C3-19F337302973}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{13B9781C-F3E4-4B6B-B23E-E919F102FEAC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\and yet it moves\and yet it moves.exe | "{17577372-4F91-4A29-8711-AA161740193A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{179668CE-4ABC-4D14-BD42-63305CAFA35C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{1E963030-712F-4C52-A230-74454FD6DF8D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe | "{1F2D02F3-295D-442B-AE08-C645BE1CEEB0}" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | "{208DEE90-040C-4395-B9E2-6589864BC6D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{22068114-AFA3-43E0-B1F4-4C7730F69CD9}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{28B89BD4-E9D5-4531-B3E2-EC02E4D3FF5F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\team fortress classic\hl.exe | "{29056B06-1FEB-4B15-9707-42F8E26A6F4D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{2FDD8CBF-4941-49E9-8BB0-92892C9A1285}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{30CFEBB7-A5BB-40CB-8720-0CB0A107F314}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe | "{321A8A34-F633-4CD2-9D11-B9BD824FF482}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{385C3EFF-0D16-404A-B1DA-F98F0B7CCCB4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\half-life\hl.exe | "{39B0E3B4-DBA4-495C-A8DE-EDBE56ED8C25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{3AF84A8E-5824-4A1C-80A6-233E90CC2C44}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{3F330334-B262-433E-80A4-F12E2DFFAB5F}" = dir=in | app=c:\users\1\appdata\local\microsoft\skydrive\skydrive.exe | "{42504C65-26E2-4F4B-986D-FB6C35AA4572}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe | "{4641FA93-349E-4FB2-B40F-59D79B1FCBD7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{48344051-9891-4B58-B6A4-8EC8821AC587}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe | "{495E13B5-96B8-46C8-9DF9-B4EA2DAA8621}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{4A292CAA-3113-4611-B57E-88DF4671C134}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe | "{4FB1956F-EFFA-4C72-B79F-784D9D77F4AF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{53400292-0947-43F6-9DA8-72D699D3F263}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\team fortress classic\hl.exe | "{564CFEB8-6172-492F-8626-7D43EF8D2679}" = protocol=58 | dir=in | app=system | "{5842BF47-57EB-47DF-B0FB-44CA2B983E6E}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe | "{5A6A8F66-E0F8-40F0-9649-ECE43551E34A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe | "{64CE87BE-1354-429D-9DCE-67F2CC906C0A}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\google\google talk plugin\googletalkplugin.exe | "{6A5CC00E-0B39-4803-8584-2B5E178B862A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spacechem\spacechem.exe | "{6B332FB0-5FF9-4719-8DAC-3BAE222466A7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe | "{6E8CFE22-461E-46F5-90A7-FC73F157CBAC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{7264E410-D183-40C5-B6AD-7278CB44F2CB}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{756BD57A-52D9-45B7-A3F3-11F2DA3ADF05}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spacechem\spacechem.exe | "{7F7F95E5-67D7-4C61-926A-CC11C418E73B}" = protocol=17 | dir=in | app=c:\users\1\kag\kag.exe | "{85CCD7B1-EBE4-4FE4-821E-9F7F5798B5C1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{86DEF6AA-393B-44BC-8A7A-69DA78B04E77}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8CAC59B5-41F1-40C1-A8F9-332526AE0DEA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{930D6FC3-1C7F-446D-AD4A-FE1F4BAB5BA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{943FFAFA-7747-4022-A222-E7A263A44250}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{960DABCF-137E-4351-B3D4-D8918D2BEF76}" = protocol=6 | dir=in | app=c:\users\1\kag\kag.exe | "{96391907-3B2F-4E42-B0DD-3F97BBE082E5}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe | "{9B14E964-75C0-4FFE-9568-EAD6F26487C0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe | "{9C0048BA-20A2-406E-9B85-DF62227762CC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\seriouseditor2.exe | "{A0C755D0-0A80-488D-8EEA-674F6BBE11D8}" = protocol=17 | dir=in | app=c:\program files\littlefighter\lf2.exe | "{A35E9B76-0798-409F-A0C6-B96F00FE913F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\and yet it moves\and yet it moves.exe | "{A914A633-EC12-47BB-AC9D-AE9E8B2F0965}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vvvvvv\vvvvvv.exe | "{B1C3B098-F19D-4FA6-9EB7-0738A13286CE}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{B8097AA4-D517-4FF8-99FF-C170AB0D6998}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\half-life\hl.exe | "{BCD0451A-BA6F-4916-9329-5CA36E5419A9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{C1A6095E-A532-44CE-A8A6-F01CB672816B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe | "{CA8D6C54-9047-44B4-914C-8BD81B19E3E4}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe | "{CBB10563-D789-4DDF-A7E3-C2FF7BCDCC7E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{CC29D6DE-24F9-4B21-B58D-CA0A050D5EFD}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{D5264D25-485C-4102-ADA2-F5A2482302ED}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\google\google talk plugin\googletalkplugin.exe | "{D6A8485F-8509-42D9-9BF6-75C235E1B74F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D72ED1F4-A1A0-4FD7-8009-2E326BB585A1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe | "{D829EB77-9149-440F-8E52-39E85A01568F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC2EEC3F-599D-4CC8-8B48-CD70F2FB51FC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{DEAD0767-6BA2-4DCA-A95C-6124D564E72E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{E0CEE3CB-B3CB-4E15-9C63-942029C6B488}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{E3C8FD59-5DE7-4E5A-A995-744B6A74F708}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{E74FAB6A-001E-46B8-8BFB-908834ACFE9F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\seriouseditor2.exe | "{E87F8297-37BD-4A77-9C72-23EEDEA9B929}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe | "{E8F3B5FB-C101-47BF-B84A-255B28AB1F62}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E9A71877-F9F4-466F-BFE0-87B7ECA50D70}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{EB12DFB5-F486-4096-A0B2-30766397AF83}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{F09BC7C3-73BB-4206-831A-DC61C7091B18}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{F1CEDB99-6589-412A-B8AD-1B0295D74A2B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vvvvvv\vvvvvv.exe | "{F807AD7F-FC17-4B93-957F-C453DC43A1B8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{FBD1C72B-9178-498F-ACFF-4553BEA3754F}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{FFE5E1D3-A44D-49B4-9AF4-F4C0A576B132}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "TCP Query User{61099D0A-6773-44B9-B2F1-9781D62B90B4}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{7F164764-EE1F-4C72-8BDC-7BA1E0A45863}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | "TCP Query User{B94AC74A-B1DB-4638-93C3-9D780A9529B6}C:\users\1\kag\kag.exe" = protocol=6 | dir=in | app=c:\users\1\kag\kag.exe | "TCP Query User{E15C0F31-E4D2-4600-93F4-8E5B79A86428}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{ED113E2F-6D61-45B5-9142-87D647B9BED9}C:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe | "TCP Query User{F2DD283E-FF5B-4541-B9E5-5B15E3612B6D}C:\program files\littlefighter\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter\lf2.exe | "TCP Query User{F30A0EBC-FA20-4B28-94E5-8380554673C6}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{3AC948EC-9F3F-4834-8BD3-10525BD8FDD0}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{42BCBB84-D5B4-4368-9825-82B187B0F919}C:\users\1\kag\kag.exe" = protocol=17 | dir=in | app=c:\users\1\kag\kag.exe | "UDP Query User{47806987-D4C6-4125-886F-05ABE2BD608C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{82F3CF0A-BD79-4DF7-8085-95DD86E5963D}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | "UDP Query User{8547D86C-18A3-4403-9670-BF0506AF18C6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{99F1F620-2E84-47A3-AB55-48804A0C6F09}C:\program files\littlefighter\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter\lf2.exe | "UDP Query User{F7190B64-93FF-4853-AC6D-0D28F245D425}C:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{046C9272-6E16-4C47-8BEF-4880417304DF}" = SLOW-PCfighter "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2D5BEFA3-889A-4AD5-8771-310BAEB0E2FC}" = Qtrax Player "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools "{3825F8BD-F784-6FBB-A5CD-857559148007}" = AMD Catalyst Install Manager "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514) "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{5D8A40E9-8E59-3761-98DE-2C9F7303FA17}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{643B056F-61C1-4489-9797-4D846D101A7A}" = King Arthur's Gold "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514) "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6F62E665-AC12-4DE0-88AA-C6EE7F5DBAAB}" = YouTube Playlist Converter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7914488D-F56B-464F-B735-F8E972E5E208}" = Photo Common "{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514) "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.2.1 "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8EEED220-D348-4F49-8C82-B11F6C5450C7}" = Movie Maker "{90B936B2-33E6-4FE8-9A64-08EEB42AF2B1}" = Podstawowe programy Windows Live "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AA21F4-C8CE-4380-995A-992536463263}" = Galeria fotografii "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514) "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Polish "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek PCI Fast Ethernet Controller Driver For Vista and Win7 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1F8F5EB-75E2-40C3-9A50-7907F1C910F1}" = Camtasia Studio 8 "{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514) "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu! "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Obsługa programów Apple "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86) "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D48BCCD6-D2E2-42F4-B8E8-D7BC10C568EC}" = Windows Live UX Platform Language Pack "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.33 "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E320B23C-E9DC-377C-837E-D6D4BD27B169}" = Google Talk Plugin "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.20 "{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3 "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Pakiet sterowników systemu Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Advanced SystemCare 6_is1" = Advanced SystemCare 6 "AIMP3" = AIMP3 "Ares" = Ares 2.1.9 "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 2.0 "AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0 "AVG" = AVG 2013 "AVG Secure Search" = AVG Security Toolbar "AviScreen Classic (Freeware)_is1" = AviScreen Classic Version 1.3 "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "BitComet" = BitComet 1.33 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "claro" = Claro LTD toolbar on IE "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CPUID HWMonitor_is1" = CPUID HWMonitor 1.17 "DAEMON Tools Lite" = DAEMON Tools Lite "Defraggler" = Defraggler "DMX5_is1" = DriverMax 7 "Driver Magician_is1" = Driver Magician 3.7 "DriverAgent.exe" = DriverAgent by eSupport.com "Duke Nukem 3D_is1" = Duke Nukem 3D "Dxtory_is1" = Dxtory 1.0.93 "Dxtory2.0_is1" = Dxtory version 2.0.112 "EAX Unified" = EAX Unified "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FilesFrog Update Checker" = FilesFrog Update Checker "foobar2000" = foobar2000 v1.2.3 "Fraps" = Fraps (remove only) "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "Freemake Video Converter_is1" = Freemake Video Converter wersja 3.1.1 "Game Booster_is1" = Game Booster 3 "GameSpy Arcade" = GameSpy Arcade "GameSpy Software" = GameSpy Software "Hero Fighter" = Hero FighterWAR "IObit Malware Fighter_is1" = IObit Malware Fighter "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Little Fighter" = Little Fighter "LogMeIn Hamachi" = LogMeIn Hamachi "Mafia" = Mafia "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Mirillis Action!" = Action! "Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword "Mozilla Firefox 18.0.1 (x86 pl)" = Mozilla Firefox 18.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3 "Multi Theft Auto" = Multi Theft Auto "MzRAMBooster_is1" = Mz RAM Booster "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM "Open Broadcaster Software" = Open Broadcaster Software "Opera 12.15.1748" = Opera 12.15 "Pivot Animator_is1" = Pivot Animator version 4.1.6 "POD-Bot 2.5" = POD-Bot 2.5 "PowerStrip 3 (remove only)" = PowerStrip 3 (remove only) "PunkBusterSvc" = PunkBuster Services "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "RocketDock_is1" = RocketDock 1.3.5 "RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k "San Andreas Mod Installer1.1" = San Andreas Mod Installer "Sapphire TRIXX" = Sapphire TRIXX "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "SLOW-PCfighter" = SLOW-PCfighter "Smart Defrag 2_is1" = Smart Defrag 2 "Soldat_is1" = Soldat 1.6.3 "ST6UNST #1" = HLTooLz "Steam App 10" = Counter-Strike "Steam App 17500" = Zombie Panic Source "Steam App 18700" = And Yet It Moves "Steam App 20" = Team Fortress Classic "Steam App 204340" = Serious Sam 2 "Steam App 26500" = Cogs "Steam App 26900" = Crayon Physics Deluxe "Steam App 30" = Day of Defeat "Steam App 41100" = Hammerfight "Steam App 500" = Left 4 Dead "Steam App 70300" = VVVVVV "Steam App 92800" = SpaceChem "TeamSpeak 3 Client" = TeamSpeak 3 Client "Updater Service" = Updater Service "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR 4.11 (32-bitowy) "Wisdom-soft AutoScreenRecorder 3.1 Free" = Wisdom-soft AutoScreenRecorder 3.1 Free "Wise Game Booster_is1" = Wise Game Booster 1.09 "xvid" = XviD MPEG-4 Video Codec [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "DirectDownloader" = DirectDownloader "GamersFirst LIVE!" = GamersFirst LIVE! "GG" = GG "Google Chrome" = Google Chrome "SkyDriveSetup.exe" = Microsoft SkyDrive "Third Age - Total War 3.0 (Part 1of2)" = Third Age - Total War 3.0 (Part 1of2) "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-09-24 07:50:15 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384 Nazwa modułu powodującego błąd: NPSWF32_11_4_402_265.dll, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf58e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002100fa Identyfikator procesu powodującego błąd: 0xa6c Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a4924012658 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll Identyfikator raportu: 00b8ef94-063e-11e2-80f0-001636e517b0 Error - 2012-09-24 08:08:01 | Computer Name = 1-Komputer | Source = Application Hang | ID = 1002 Description = Program vegas90.exe w wersji 9.0.0.1147 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 354 Godzina rozpoczęcia: 01cd9a4d2d0d25af Godzina zakończenia: 12 Ścieżka aplikacji: C:\Program Files\Sony\Vegas Pro 9.0\vegas90.exe Identyfikator raportu: 78aa393e-0640-11e2-80f0-001636e517b0 Error - 2012-09-24 08:28:55 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000006 Identyfikator procesu powodującego błąd: 0xf94 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a4e810df580 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 6784cba5-0643-11e2-80f0-001636e517b0 Error - 2012-09-24 08:32:55 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: AUDIODG.EXE, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7a278 Nazwa modułu powodującego błąd: audioeng.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bd97c Kod wyjątku: 0xc000001d Przesunięcie błędu: 0x0004784f Identyfikator procesu powodującego błąd: 0xf88 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a4e8281e458 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\AUDIODG.EXE Ścieżka modułu powodującego błąd: C:\Windows\System32\audioeng.dll Identyfikator raportu: f6705c93-0643-11e2-80f0-001636e517b0 Error - 2012-09-24 08:32:55 | Computer Name = 1-Komputer | Source = Application Error | ID = 1005 Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku. System Windows zamknął program Izolacja wykresu urządzenia audio systemu Windows z powodu tego błędu. Program: Izolacja wykresu urządzenia audio systemu Windows Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0 Error - 2012-09-24 08:54:05 | Computer Name = 1-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2012-09-24 09:30:34 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384 Nazwa modułu powodującego błąd: NPSWF32_11_4_402_265.dll, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf58e Kod wyjątku: 0xc000001d Przesunięcie błędu: 0x00407d4f Identyfikator procesu powodującego błąd: 0xf88 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a53dda55665 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll Identyfikator raportu: 0418babb-064c-11e2-add0-001636e517b0 Error - 2012-09-24 09:30:34 | Computer Name = 1-Komputer | Source = Application Error | ID = 1005 Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku. System Windows zamknął program Adobe Flash Player 11.4 r402 z powodu tego błędu. Program: Adobe Flash Player 11.4 r402 Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0 Error - 2012-09-24 10:12:52 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Skype.exe, wersja: 5.10.0.116, sygnatura czasowa: 0x50001496 Nazwa modułu powodującego błąd: Skype.exe, wersja: 5.10.0.116, sygnatura czasowa: 0x50001496 Kod wyjątku: 0xc0000096 Przesunięcie błędu: 0x0004b910 Identyfikator procesu powodującego błąd: 0xe6c Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a5e02a31928 Ścieżka aplikacji powodującej błąd: C:\Program Files\Skype\Phone\Skype.exe Ścieżka modułu powodującego błąd: C:\Program Files\Skype\Phone\Skype.exe Identyfikator raportu: ecee8738-0651-11e2-add0-001636e517b0 Error - 2012-09-24 10:12:52 | Computer Name = 1-Komputer | Source = Application Error | ID = 1005 Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku. System Windows zamknął program Skype z powodu tego błędu. Program: Skype Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0 Error - 2012-09-24 10:53:22 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x032439c0 Identyfikator procesu powodującego błąd: 0xbf4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a63dfc1bd87 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 95b1b98c-0657-11e2-add0-001636e517b0 [ Media Center Events ] Error - 2012-08-22 02:49:57 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 08:49:55 - Błąd podczas nawiązywania połączenia z Internetem. 08:49:57 - Nie można skontaktować się z serwerem.. Error - 2012-08-22 02:50:11 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 08:50:04 - Błąd podczas nawiązywania połączenia z Internetem. 08:50:04 - Nie można skontaktować się z serwerem.. Error - 2012-08-22 03:55:16 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 09:55:16 - Błąd podczas nawiązywania połączenia z Internetem. 09:55:16 - Nie można skontaktować się z serwerem.. Error - 2012-08-22 03:55:43 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 09:55:22 - Błąd podczas nawiązywania połączenia z Internetem. 09:55:22 - Nie można skontaktować się z serwerem.. Error - 2012-08-22 04:56:02 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 10:56:02 - Błąd podczas nawiązywania połączenia z Internetem. 10:56:02 - Nie można skontaktować się z serwerem.. Error - 2012-08-22 04:56:15 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 10:56:09 - Błąd podczas nawiązywania połączenia z Internetem. 10:56:09 - Nie można skontaktować się z serwerem.. Error - 2012-08-22 05:56:58 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 11:56:58 - Błąd podczas nawiązywania połączenia z Internetem. 11:56:58 - Nie można skontaktować się z serwerem.. Error - 2012-08-22 05:57:06 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 11:57:03 - Błąd podczas nawiązywania połączenia z Internetem. 11:57:03 - Nie można skontaktować się z serwerem.. Error - 2012-09-17 02:05:40 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 08:05:39 - Błąd podczas nawiązywania połączenia z Internetem. 08:05:39 - Nie można skontaktować się z serwerem.. Error - 2012-09-17 04:20:24 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0 Description = 10:20:23 - Błąd podczas nawiązywania połączenia z Internetem. 10:20:23 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2013-04-22 07:31:40 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu Windows, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2013-04-22 07:31:49 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sptd Error - 2013-04-22 09:39:42 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu Windows, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2013-04-22 09:39:51 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sptd Error - 2013-04-22 11:08:23 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7011 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi avgwd. Error - 2013-04-22 11:08:59 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7011 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi avgwd. Error - 2013-04-22 13:11:59 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu Windows, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2013-04-22 13:34:55 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa Advanced SystemCare Service 6 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2013-04-22 13:35:37 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-04-22 13:36:24 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu Windows, której nie można uruchomić z powodu następującego błędu: %%1058 < End of report >

przez **mateo8898** » 22 Kwi 2013, 20:48

Brak logu z Gmer

otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.html#p88736, uzupełnij.

Poza tym logi wklejaj na http://www.wklej.eu/, a w poście podaj tylko link.

przez **Thetor67** » 23 Kwi 2013, 07:56

http://www.wklej.eu/index.php?id=c35948b2dc&view=nl
Proszę log z GMER.

przez **mateo8898** » 23 Kwi 2013, 14:16

1. Odinstaluj: SweetIM for Messenger 3.7, Internet Explorer Toolbar 4.6 by SweetPacks, Bonjour, Ask Toolbar, BabylonObjectInstaller, Yontoo 1.10.02, Ad-Aware SE Personal (staroć), AVG Security Toolbar, McAfee Security Scan Plus, Ask Toolbar Updater
2. Użyj AdwCleaner

http://forum.instalki.pl/otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p139531 z opcji Usuń i podaj utworzony log.
3. Uruchom OTL

w oknie Własne opcje skanowania/skrypt wklej:

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\mseow.sys -- (mseow)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\gmzioaj.sys -- (gmzioaj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys -- (FairplayKD)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={70B915DA-9864-441E-BADD-4054F6A5AE3C}&mid=c129b2926a484ecf849f2a0a57be5a4a-737d6be3d3d76da21980eded92fe6334dfb0c32a&lang=pl&ds=is015&pr=sa&d=2012-09-28 20:55:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.14.100013
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_US&apn_uid=09DD9307-79BE-4CCD-BE0D-D1F909FCEC43&apn_ptnrs=^U3&apn_sauid=A3031538-0F14-41C7-B751-AA56DE6FB939&apn_dtid=^YYYYYY^YY^PL&&q="
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2012-08-26 18:04:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2013-02-03 10:01:47 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2013-03-17 22:21:42 | 000,002,575 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\askcom.xml
[2012-08-26 18:03:40 | 000,003,915 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\sweetim.xml
[2012-09-07 15:02:42 | 000,002,469 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\Web Search.xml
[2013-02-18 20:45:31 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-08-11 14:04:57 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-10-22 16:11:30 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Ceujmgywnzatxwwn.exe] C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe ()
O4 - HKCU..\Run: [bfcadfccsacfsfdsf] C:\ProgramData\bfcadfccsacfsfdsf.exe (ICQ, LLC.)
[2013-04-22 20:03:41 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-22 20:03:39 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-22 19:29:48 | 000,103,424 | ---- | M] () -- C:\Users\1\AppData\Roaming\42CE.exe
[2013-04-22 19:26:24 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Vattlndlblsewagb.exe
[2013-04-22 19:24:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isjwlfosmicqgbrq.exe
[2013-04-22 19:09:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Wpdehzkkewqgochs.exe
[2013-04-22 17:23:54 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Knaimcwyyxunfcfk.exe
[2013-04-22 16:38:18 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isynqidzpmpkcskv.exe

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Podajesz log z usuwania + nowe logi z OTL.

Kolejność jak podałem.

przez **Thetor67** » 23 Kwi 2013, 15:21

Oto log z usunięcia:
http://www.wklej.eu/index.php?id=d9b2eefb52
log z otl'a:
http://www.wklej.eu/index.php?id=97c217306f

przez **mateo8898** » 23 Kwi 2013, 15:59

OK, jeszcze nowe logi z OTL.

przez **Thetor67** » 23 Kwi 2013, 16:34

uruchomiłem ponownie i nic nie miałem więcej...

przez **Thetor67** » 23 Kwi 2013, 16:35

uruchomiłem ponownie i nic nie miałem więcej...
poza tym, już wiadomości mi ta "aplikacja" nie wysyła

przez **mateo8898** » 23 Kwi 2013, 19:19

Po prostu wykonaj logi opcją Skanuj tak jak na początku.

Wirus wysyłanie wiadomości na facebook'u i skype

Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Re: Wirus wysyłanie wiadomości na facebook'u i skype

Kto jest na forum