
Please check my log
Hello,
For the last two days I have had a minor problem with my PC.
Every time I click a link in the browser, an advertising window opens automatically.
The PC runs more slowly.
I uninstalled all unnecessary programs, but the problem still persists. I am at a loss. Thank you in advance.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Izolda at 2013-07-05 10:21:23
Microsoft Windows 7 Ultimate
System drive C: has 87 GB (70%) free of 125 GB
Total RAM: 3071 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:31, on 2013-07-05
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17267)
Boot mode: Normal
Running processes:
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe
C:\Users\Izolda\AppData\Local\GG\Application\ggapp.exe
C:\Users\Izolda\AppData\Local\GG\Application\ggapp.exe
C:\Users\Izolda\Downloads\RSIT.exe
C:\Program Files\trend micro\Izolda.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ ... 9&tsp=4931
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,,c:\program files\microsoft\desktoplayer.exe,c:\program files\nvidia corporation\3d vision\nvscpapisvrsrv.exe
O2 - BHO: Lyrmix - {A8E06666-F1AE-4436-80C1-A1A1A865F236} - C:\Program Files\Lyrmix\lyrmix.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [GG] "C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USLUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USLUGA SIECIOWA')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: Usluga Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usluga Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 4312 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Lyrmix Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8E06666-F1AE-4436-80C1-A1A1A865F236}]
Lyrmix - C:\Program Files\Lyrmix\lyrmix.dll [2013-06-10 133528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-12-23 9972328]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GG"=C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe [2013-06-20 3365440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GG]
C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe [2013-06-20 3365440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Izolda\AppData\Roaming\uTorrent\uTorrent.exe [2013-05-09 1044560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-07-05 10:21:23 ----D---- C:\rsit
2013-07-05 10:21:23 ----D---- C:\Program Files\trend micro
2013-07-03 00:46:08 ----D---- C:\Users\Izolda\AppData\Roaming\calibre
2013-07-03 00:37:49 ----D---- C:\ProgramData\BrowserDefender
2013-07-03 00:37:43 ----D---- C:\Users\Izolda\AppData\Roaming\BabSolution
2013-07-03 00:34:34 ----D---- C:\Users\Izolda\AppData\Roaming\DealPly
2013-07-03 00:34:17 ----D---- C:\Program Files\Lyrmix
2013-06-24 12:54:35 ----D---- C:\Program Files\Kolekcja Klasyki
2013-06-19 11:09:00 ----D---- C:\Riot Games
2013-06-18 13:52:30 ----D---- C:\ProgramData\PMB Files
2013-06-17 16:27:27 ----D---- C:\ProgramData\Room Arranger
2013-06-16 23:33:48 ----D---- C:\Program Files\Common Files\Adobe
2013-06-16 23:33:48 ----D---- C:\Program Files\Adobe
2013-06-16 23:31:34 ----D---- C:\ProgramData\Adobe
2013-06-16 17:55:23 ----D---- C:\Users\Izolda\AppData\Roaming\Mumble
2013-06-16 15:54:13 ----D---- C:\Windows\system32\searchplugins
2013-06-16 15:54:13 ----D---- C:\Windows\system32\Extensions
2013-06-16 15:53:53 ----D---- C:\Program Files\Mozilla Firefox
2013-06-16 15:53:33 ----D---- C:\ProgramData\Babylon
2013-06-16 15:53:32 ----D---- C:\Users\Izolda\AppData\Roaming\Babylon
2013-06-16 15:18:33 ----D---- C:\Users\Izolda\AppData\Roaming\Malwarebytes
2013-06-16 15:18:27 ----D---- C:\ProgramData\Malwarebytes
2013-06-16 14:48:00 ----D---- C:\Program Files\Badosoft
2013-06-15 15:08:36 ----D---- C:\Users\Izolda\AppData\Roaming\OpenOffice.org
2013-06-14 09:08:08 ----A---- C:\Windows\system32\wups2.dll
2013-06-14 09:08:08 ----A---- C:\Windows\system32\wucltux.dll
2013-06-14 09:08:08 ----A---- C:\Windows\system32\wuaueng.dll
2013-06-14 09:08:08 ----A---- C:\Windows\system32\wuauclt.exe
2013-06-14 09:07:47 ----A---- C:\Windows\system32\wuwebv.dll
2013-06-14 09:07:47 ----A---- C:\Windows\system32\wuapp.exe
2013-06-13 21:53:30 ----D---- C:\Program Files\Movavi Video Converter 10
2013-06-13 20:56:31 ----D---- C:\Users\Izolda\AppData\Roaming\MOVAVI
2013-06-13 20:40:09 ----D---- C:\Windows\Minidump
2013-06-12 20:38:14 ----D---- C:\Program Files\Room Arranger
2013-06-12 20:29:13 ----D---- C:\ProgramData\Google
2013-06-12 20:29:12 ----D---- C:\Users\Izolda\AppData\Roaming\Google
2013-06-11 13:35:08 ----D---- C:\Program Files\Soul of the Ultimate Nation
2013-06-11 12:54:14 ----D---- C:\Program Files\Ingamba
2013-06-11 08:27:18 ----D---- C:\Users\Izolda\AppData\Roaming\LolClient
2013-06-10 23:05:02 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-06-10 23:05:02 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-06-10 23:05:02 ----A---- C:\Windows\system32\D3DCompiler_39.dll
======List of files/folders modified in the last 1 month======
2013-07-05 10:21:23 ----D---- C:\Program Files
2013-07-05 10:21:04 ----D---- C:\Users\Izolda\AppData\Roaming\GG
2013-07-05 10:20:45 ----D---- C:\Windows\Prefetch
2013-07-05 10:15:38 ----D---- C:\Windows\System32
2013-07-05 10:15:38 ----D---- C:\Windows\inf
2013-07-05 10:15:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-05 10:09:16 ----D---- C:\Windows\system32\Tasks
2013-07-05 10:09:14 ----D---- C:\ProgramData\NVIDIA
2013-07-05 10:09:14 ----D---- C:\Program Files\Microsoft
2013-07-05 10:08:46 ----D---- C:\Windows\Temp
2013-07-05 10:08:46 ----D---- C:\Windows
2013-07-04 23:17:13 ----D---- C:\Users\Izolda\AppData\Roaming\vlc
2013-07-03 23:36:20 ----SHD---- C:\Windows\Installer
2013-07-03 16:46:29 ----D---- C:\Windows\system32\NDF
2013-07-03 16:18:08 ----SHD---- C:\System Volume Information
2013-07-03 16:17:34 ----D---- C:\Users\Izolda\AppData\Roaming\uTorrent
2013-07-03 16:17:29 ----D---- C:\Windows\Logs
2013-07-03 00:44:11 ----D---- C:\Windows\system32\config
2013-07-03 00:37:49 ----HD---- C:\ProgramData
2013-07-03 00:34:17 ----D---- C:\Windows\Tasks
2013-06-25 17:19:53 ----HD---- C:\Program Files\InstallShield Installation Information
2013-06-25 11:36:53 ----D---- C:\Windows\winsxs
2013-06-25 11:36:32 ----D---- C:\Program Files\Common Files\microsoft shared
2013-06-21 13:18:03 ----D---- C:\Users\Izolda\AppData\Roaming\Skype
2013-06-19 22:41:13 ----D---- C:\Windows\system32\catroot2
2013-06-18 13:52:15 ----D---- C:\Program Files\Pando Networks
2013-06-17 11:04:59 ----RSD---- C:\Windows\assembly
2013-06-17 11:04:14 ----RSD---- C:\Windows\Fonts
2013-06-17 08:31:26 ----SD---- C:\Users\Izolda\AppData\Roaming\Microsoft
2013-06-16 23:48:22 ----D---- C:\Users\Izolda\AppData\Roaming\Adobe
2013-06-16 23:33:48 ----D---- C:\Program Files\Common Files
2013-06-16 15:41:43 ----D---- C:\Windows\system32\drivers
2013-06-16 15:39:56 ----D---- C:\Windows\AppCompat
2013-06-15 02:36:54 ----D---- C:\Windows\rescache
2013-06-14 09:40:23 ----D---- C:\Windows\system32\catroot
2013-06-14 09:31:16 ----D---- C:\Program Files\Google
2013-06-14 09:08:31 ----D---- C:\Windows\system32\pl-PL
2013-06-12 08:40:22 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-06-10 08:06:40 ----D---- C:\ProgramData\Skype
2013-06-10 08:06:33 ----RD---- C:\Program Files\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-12-30 3351208]
R3 NVENETFD;Sterownik kontrolera sieci NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 17920]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 LLRING0;LLRING0; \??\e:\KickerMu-V3\MuGuard\llck.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 XDva401;XDva401; \??\C:\Windows\system32\XDva401.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BrowserDefendert;BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-05-23 2827728]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-08 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-08 116648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-08 1343400]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-08 116648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-08 1343400]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Re: Request for a log check
Hello,
Do you count the antivirus among those unnecessary programs? Or why don't I see one there?
Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.
Right-click it and then left-click Spustit jako správce (Run as administrator).
Tick the options "Pro všechny uživatele" (All users), Kontrola na havěť "LOP" (LOP check) and Kontrola na havěť "Purity" (Purity check).
Paste the following text into the bottom window.
Click Prohledat (Scan).
After the scan, two logs are created (OTL.Txt and Extras.txt); post both of them here (if they are long, split them across several posts).
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will be on the forum less often now. If you have to wait longer for an answer, please contact one of my colleagues (most of them have an e-mail address in their signature).
Re: Request for a log check
OK, the test is still running.
I wasn't using an antivirus because I was using IObit ASC (Advanced System Care).
But someone told me it isn't good, so I uninstalled it and then forgot to install a proper one.
I'd also like to ask for a recommendation for a good firewall, if possible.
Re: Request for a log check
That's true, IObit can do more harm than good.
But having no protection at all is probably even worse.
Windows 7 already has a fairly decent firewall, so a separate one isn't all that necessary. But if you want one, then Comodo, for example.
Re: Request for a log check
OTL logfile created on: 2013-07-05 11:46:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Izolda\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,58% Memory free
6,00 Gb Paging File | 3,58 Gb Available in Paging File | 59,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,07 Gb Total Space | 85,20 Gb Free Space | 69,79% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 35,30 Gb Free Space | 90,37% Space Free | Partition Type: NTFS
Drive E: | 88,49 Gb Total Space | 72,67 Gb Free Space | 82,12% Space Free | Partition Type: NTFS
Drive F: | 110,81 Gb Total Space | 109,42 Gb Free Space | 98,75% Space Free | Partition Type: NTFS
Drive H: | 21,39 Gb Total Space | 15,18 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Computer Name: IZOLDA-KOMPUTER | User Name: Izolda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-07-05 10:50:55 | 000,659,968 | ---- | M] (OldTimer Tools) -- C:\Users\Izolda\Desktop\OTL.exe
PRC - [2013-06-20 13:20:18 | 003,365,440 | ---- | M] (GG Network S.A.) -- C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe
PRC - [2013-06-20 13:20:18 | 000,318,016 | ---- | M] (GG Network S.A.) -- C:\Users\Izolda\AppData\Local\GG\Application\ggapp.exe
PRC - [2013-06-15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013-05-08 19:07:29 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-10-16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010-10-16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2013-06-20 13:20:18 | 014,718,312 | ---- | M] () -- C:\Users\Izolda\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2013-06-20 13:20:18 | 001,945,600 | ---- | M] () -- C:\Users\Izolda\AppData\Local\GG\Application\xulrunner\mozjs.dll
MOD - [2013-06-15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013-06-15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013-06-15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013-06-15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013-06-15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013-06-15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013-05-23 11:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
========== Services (SafeList) ==========
SRV - [2013-06-12 08:40:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-05-08 19:02:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-10-16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- e:\KickerMu-V3\MuGuard\llck.sys -- (LLRING0)
DRV - [2010-10-22 08:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-09-07 22:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009-06-28 23:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ ... 9&tsp=4931
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ ... 9&tsp=4931
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchT ... 9&tsp=4931
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@leeuu.com/npgboxruner;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-05-14 07:41:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrmix@lyrmix.net: C:\Program Files\Lyrmix\FF\ [2013-07-03 00:34:17 | 000,000,000 | ---D | M]
[2013-05-12 21:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izolda\AppData\Roaming\mozilla\Extensions
[2013-06-16 15:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.delta-search.com/?affID=1218 ... 2522BC9A22
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jofdlbdmefjogcipddjnblinigmpagoj\1.114_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lyrmix) - {A8E06666-F1AE-4436-80C1-A1A1A865F236} - C:\Program Files\Lyrmix\lyrmix.dll (Lyrix Engineering)
O4 - HKU\S-1-5-21-789164051-474290672-4144500938-1000..\Run: [GG] C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.204.204.204 62.233.233.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{850F734D-8495-4C86-B5C8-48BBB54EB1A7}: DhcpNameServer = 87.204.204.204 62.233.233.233
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - HKLM Winlogon: UserInit - (c:\program files\nvidia corporation\3d vision\nvscpapisvrsrv.exe) - c:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvrSrv.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{da13ab71-d149-11e2-a434-002522bc9a22}\Shell - "" = AutoRun
O33 - MountPoints2\{da13ab71-d149-11e2-a434-002522bc9a22}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2013-07-05 10:50:37 | 000,659,968 | ---- | C] (OldTimer Tools) -- C:\Users\Izolda\Desktop\OTL.exe
[2013-07-05 10:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-07-05 10:21:23 | 000,000,000 | ---D | C] -- C:\rsit
[2013-07-03 00:46:17 | 000,000,000 | ---D | C] -- C:\Users\Izolda\Documents\Biblioteka calibre
[2013-07-03 00:46:08 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\calibre
[2013-07-03 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013-07-03 00:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013-07-03 00:37:43 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\BabSolution
[2013-07-03 00:34:34 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\DealPly
[2013-07-03 00:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lyrmix
[2013-06-25 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Izolda\Application Data
[2013-06-24 12:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
[2013-06-24 12:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Kolekcja Klasyki
[2013-06-22 01:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013-06-19 11:09:00 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013-06-19 11:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2013-06-18 13:52:31 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\PMB Files
[2013-06-18 13:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013-06-17 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Room Arranger
[2013-06-17 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Room Arranger
[2013-06-16 23:48:22 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Adobe
[2013-06-16 23:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013-06-16 23:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-06-16 23:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013-06-16 17:55:23 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Mumble
[2013-06-16 15:54:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013-06-16 15:54:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013-06-16 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-06-16 15:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013-06-16 15:53:32 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Babylon
[2013-06-16 15:18:33 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Malwarebytes
[2013-06-16 15:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-06-16 15:18:19 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Programs
[2013-06-16 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Badosoft
[2013-06-15 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\OpenOffice.org
[2013-06-14 09:08:08 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013-06-14 09:08:08 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013-06-14 09:07:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013-06-14 09:07:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013-06-13 21:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Movavi Video Converter 10
[2013-06-13 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\MOVAVI
[2013-06-13 20:40:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013-06-12 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Room Arranger
[2013-06-12 20:38:14 | 000,000,000 | ---D | C] -- C:\Users\Izolda\Documents\Room Arranger
[2013-06-12 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Room Arranger
[2013-06-12 20:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013-06-12 20:29:12 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Google
[2013-06-11 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Soul of the Ultimate Nation
[2013-06-11 12:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ingamba GameGate
[2013-06-11 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ingamba
[2013-06-11 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\LolClient
[2013-06-10 23:05:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013-06-10 23:05:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013-06-10 23:05:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013-06-10 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Microsoft Games
[2013-06-10 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Izolda\.swt
[2013-06-08 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Izolda\eTeks
========== Files - Modified Within 30 Days ==========
[2013-07-05 11:48:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013-07-05 10:50:55 | 000,659,968 | ---- | M] (OldTimer Tools) -- C:\Users\Izolda\Desktop\OTL.exe
[2013-07-05 10:20:19 | 000,001,102 | ---- | M] () -- C:\Users\Izolda\Desktop\GG.lnk
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:15:38 | 000,729,608 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-07-05 10:15:38 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-07-05 10:15:38 | 000,154,276 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-07-05 10:15:38 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-07-05 10:09:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrmix Update.job
[2013-07-05 10:09:12 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-05 10:09:12 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-05 10:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-05 10:08:46 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-23 18:29:08 | 001,245,588 | ---- | M] () -- C:\Users\Izolda\Documents\znaki informacyjne.pdf
[2013-06-23 18:28:47 | 000,641,425 | ---- | M] () -- C:\Users\Izolda\Documents\znaki nakazu.pdf
[2013-06-23 18:28:18 | 001,547,980 | ---- | M] () -- C:\Users\Izolda\Documents\znaki zakazu.pdf
[2013-06-23 18:27:57 | 001,109,128 | ---- | M] () -- C:\Users\Izolda\Documents\znaki ostrzegawcze.pdf
[2013-06-19 11:15:06 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Graj w League of Legends.lnk
[2013-06-17 16:27:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Room Arranger.lnk
[2013-06-17 11:36:06 | 000,269,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-06-16 17:55:54 | 000,002,393 | ---- | M] () -- C:\Users\Izolda\Documents\MumbleAutomaticCertificateBackup.p12
[2013-06-13 21:53:37 | 000,004,104 | ---- | M] () -- C:\ProgramData\ojobkspa.ako
[2013-06-13 20:40:12 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-12 08:40:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-06-12 08:40:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-06-09 18:12:00 | 000,016,655 | ---- | M] () -- C:\Users\Izolda\Documents\apart.sh3d
========== Files Created - No Company Name ==========
[2013-07-05 10:55:02 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013-07-05 10:20:19 | 000,001,102 | ---- | C] () -- C:\Users\Izolda\Desktop\GG.lnk
[2013-07-05 10:20:13 | 000,001,110 | ---- | C] () -- C:\Users\Izolda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk
[2013-07-03 00:34:17 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\Lyrmix Update.job
[2013-06-23 18:29:08 | 001,245,588 | ---- | C] () -- C:\Users\Izolda\Documents\znaki informacyjne.pdf
[2013-06-23 18:28:47 | 000,641,425 | ---- | C] () -- C:\Users\Izolda\Documents\znaki nakazu.pdf
[2013-06-23 18:28:18 | 001,547,980 | ---- | C] () -- C:\Users\Izolda\Documents\znaki zakazu.pdf
[2013-06-23 18:27:57 | 001,109,128 | ---- | C] () -- C:\Users\Izolda\Documents\znaki ostrzegawcze.pdf
[2013-06-19 11:15:06 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Graj w League of Legends.lnk
[2013-06-17 16:27:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Room Arranger.lnk
[2013-06-16 23:34:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013-06-16 17:55:54 | 000,002,393 | ---- | C] () -- C:\Users\Izolda\Documents\MumbleAutomaticCertificateBackup.p12
[2013-06-13 21:53:37 | 000,004,104 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2013-06-09 01:07:14 | 000,016,655 | ---- | C] () -- C:\Users\Izolda\Documents\apart.sh3d
[2013-05-02 12:39:16 | 000,109,696 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2013-05-02 12:39:14 | 000,091,264 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
========== ZeroAccess Check ==========
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-05-08 19:33:16 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013-07-03 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\BabSolution
[2013-06-16 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Babylon
[2013-07-03 00:48:48 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\calibre
[2013-07-03 00:34:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\DealPly
[2013-05-13 21:43:38 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\EQATEC Analytics
[2013-05-24 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\gbox
[2013-07-05 10:21:04 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GG
[2013-05-08 18:18:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GHISLER
[2013-05-08 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\IObit
[2013-06-11 08:27:18 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\LolClient
[2013-06-13 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\MOVAVI
[2013-06-16 18:28:20 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Mumble
[2013-06-15 15:08:36 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\OpenOffice.org
[2013-06-02 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Registry Mechanic
[2013-05-14 07:41:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Thunderbird
[2013-06-03 16:27:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Unity
[2013-07-03 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009-07-14 06:53:46 | 000,017,804 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009-07-14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013-05-08 18:36:19 | 000,000,930 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013-05-08 18:38:21 | 000,001,032 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013-05-08 18:38:22 | 000,001,036 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013-07-03 00:34:17 | 000,000,358 | ---- | C] () -- C:\Windows\Tasks\Lyrmix Update.job
< >
< >
< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\5fe44affdc18e079a822517c7105c076\*.tmp files -> C:\Windows\SoftwareDistribution\Download\5fe44affdc18e079a822517c7105c076\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013-06-16 23:48:22 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Adobe
[2013-05-08 20:25:41 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Apple Computer
[2013-07-03 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\BabSolution
[2013-06-16 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Babylon
[2013-07-03 00:48:48 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\calibre
[2013-07-03 00:34:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\DealPly
[2013-05-13 21:43:38 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\EQATEC Analytics
[2013-05-24 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\gbox
[2013-07-05 10:21:04 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GG
[2013-05-08 18:18:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GHISLER
[2013-06-12 20:29:12 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Google
[2013-05-08 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Identities
[2013-05-08 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\IObit
[2013-06-11 08:27:18 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\LolClient
[2013-05-08 18:36:28 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Macromedia
[2013-06-16 15:18:33 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Malwarebytes
[2009-07-14 10:28:09 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Media Center Programs
[2013-06-17 08:31:26 | 000,000,000 | --SD | M] -- C:\Users\Izolda\AppData\Roaming\Microsoft
[2013-06-13 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\MOVAVI
[2013-05-12 21:01:30 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Mozilla
[2013-06-16 18:28:20 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Mumble
[2013-06-02 17:27:59 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\NVIDIA
[2013-06-15 15:08:36 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\OpenOffice.org
[2013-06-02 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Registry Mechanic
[2013-06-21 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Skype
[2013-05-14 07:41:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Thunderbird
[2013-06-03 16:27:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Unity
[2013-07-03 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\uTorrent
[2013-07-04 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\vlc
< %APPDATA%\*.exe /s >
[2013-06-06 11:23:16 | 000,004,608 | ---- | M] () -- C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\BabMaint.exe
[2013-07-03 08:15:29 | 000,450,560 | ---- | M] (Babylon Ltd.) -- C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
[2013-03-19 16:12:05 | 000,093,728 | ---- | M] () -- C:\Users\Izolda\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
[2013-05-08 14:53:48 | 000,045,408 | ---- | M] () -- C:\Users\Izolda\AppData\Roaming\GG\ggdrive\unggdrive-menu.exe
[2013-05-09 14:46:37 | 001,044,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Izolda\AppData\Roaming\uTorrent\uTorrent.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Izolda\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,58% Memory free
6,00 Gb Paging File | 3,58 Gb Available in Paging File | 59,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,07 Gb Total Space | 85,20 Gb Free Space | 69,79% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 35,30 Gb Free Space | 90,37% Space Free | Partition Type: NTFS
Drive E: | 88,49 Gb Total Space | 72,67 Gb Free Space | 82,12% Space Free | Partition Type: NTFS
Drive F: | 110,81 Gb Total Space | 109,42 Gb Free Space | 98,75% Space Free | Partition Type: NTFS
Drive H: | 21,39 Gb Total Space | 15,18 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Computer Name: IZOLDA-KOMPUTER | User Name: Izolda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-07-05 10:50:55 | 000,659,968 | ---- | M] (OldTimer Tools) -- C:\Users\Izolda\Desktop\OTL.exe
PRC - [2013-06-20 13:20:18 | 003,365,440 | ---- | M] (GG Network S.A.) -- C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe
PRC - [2013-06-20 13:20:18 | 000,318,016 | ---- | M] (GG Network S.A.) -- C:\Users\Izolda\AppData\Local\GG\Application\ggapp.exe
PRC - [2013-06-15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013-05-08 19:07:29 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-10-16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010-10-16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2013-06-20 13:20:18 | 014,718,312 | ---- | M] () -- C:\Users\Izolda\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2013-06-20 13:20:18 | 001,945,600 | ---- | M] () -- C:\Users\Izolda\AppData\Local\GG\Application\xulrunner\mozjs.dll
MOD - [2013-06-15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013-06-15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013-06-15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013-06-15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013-06-15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013-06-15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013-05-23 11:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
========== Services (SafeList) ==========
SRV - [2013-06-12 08:40:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-05-08 19:02:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-10-16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- e:\KickerMu-V3\MuGuard\llck.sys -- (LLRING0)
DRV - [2010-10-22 08:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-09-07 22:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009-06-28 23:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ ... 9&tsp=4931
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ ... 9&tsp=4931
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchT ... 9&tsp=4931
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789164051-474290672-4144500938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@leeuu.com/npgboxruner;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-05-14 07:41:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrmix@lyrmix.net: C:\Program Files\Lyrmix\FF\ [2013-07-03 00:34:17 | 000,000,000 | ---D | M]
[2013-05-12 21:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izolda\AppData\Roaming\mozilla\Extensions
[2013-06-16 15:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.delta-search.com/?affID=1218 ... 2522BC9A22
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jofdlbdmefjogcipddjnblinigmpagoj\1.114_0\
CHR - Extension: No name found = C:\Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lyrmix) - {A8E06666-F1AE-4436-80C1-A1A1A865F236} - C:\Program Files\Lyrmix\lyrmix.dll (Lyrix Engineering)
O4 - HKU\S-1-5-21-789164051-474290672-4144500938-1000..\Run: [GG] C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.204.204.204 62.233.233.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{850F734D-8495-4C86-B5C8-48BBB54EB1A7}: DhcpNameServer = 87.204.204.204 62.233.233.233
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - HKLM Winlogon: UserInit - (c:\program files\nvidia corporation\3d vision\nvscpapisvrsrv.exe) - c:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvrSrv.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{da13ab71-d149-11e2-a434-002522bc9a22}\Shell - "" = AutoRun
O33 - MountPoints2\{da13ab71-d149-11e2-a434-002522bc9a22}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2013-07-05 10:50:37 | 000,659,968 | ---- | C] (OldTimer Tools) -- C:\Users\Izolda\Desktop\OTL.exe
[2013-07-05 10:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-07-05 10:21:23 | 000,000,000 | ---D | C] -- C:\rsit
[2013-07-03 00:46:17 | 000,000,000 | ---D | C] -- C:\Users\Izolda\Documents\Biblioteka calibre
[2013-07-03 00:46:08 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\calibre
[2013-07-03 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013-07-03 00:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013-07-03 00:37:43 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\BabSolution
[2013-07-03 00:34:34 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\DealPly
[2013-07-03 00:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lyrmix
[2013-06-25 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Izolda\Application Data
[2013-06-24 12:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
[2013-06-24 12:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Kolekcja Klasyki
[2013-06-22 01:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013-06-19 11:09:00 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013-06-19 11:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2013-06-18 13:52:31 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\PMB Files
[2013-06-18 13:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013-06-17 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Room Arranger
[2013-06-17 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Room Arranger
[2013-06-16 23:48:22 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Adobe
[2013-06-16 23:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013-06-16 23:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-06-16 23:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013-06-16 17:55:23 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Mumble
[2013-06-16 15:54:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013-06-16 15:54:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013-06-16 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-06-16 15:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013-06-16 15:53:32 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Babylon
[2013-06-16 15:18:33 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Malwarebytes
[2013-06-16 15:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-06-16 15:18:19 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Programs
[2013-06-16 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Badosoft
[2013-06-15 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\OpenOffice.org
[2013-06-14 09:08:08 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013-06-14 09:08:08 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013-06-14 09:07:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013-06-14 09:07:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013-06-13 21:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Movavi Video Converter 10
[2013-06-13 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\MOVAVI
[2013-06-13 20:40:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013-06-12 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Room Arranger
[2013-06-12 20:38:14 | 000,000,000 | ---D | C] -- C:\Users\Izolda\Documents\Room Arranger
[2013-06-12 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Room Arranger
[2013-06-12 20:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013-06-12 20:29:12 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\Google
[2013-06-11 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Soul of the Ultimate Nation
[2013-06-11 12:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ingamba GameGate
[2013-06-11 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ingamba
[2013-06-11 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Roaming\LolClient
[2013-06-10 23:05:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013-06-10 23:05:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013-06-10 23:05:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013-06-10 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\Izolda\AppData\Local\Microsoft Games
[2013-06-10 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Izolda\.swt
[2013-06-08 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Izolda\eTeks
========== Files - Modified Within 30 Days ==========
[2013-07-05 11:48:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013-07-05 10:50:55 | 000,659,968 | ---- | M] (OldTimer Tools) -- C:\Users\Izolda\Desktop\OTL.exe
[2013-07-05 10:20:19 | 000,001,102 | ---- | M] () -- C:\Users\Izolda\Desktop\GG.lnk
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:15:38 | 000,729,608 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-07-05 10:15:38 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-07-05 10:15:38 | 000,154,276 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-07-05 10:15:38 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-07-05 10:09:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrmix Update.job
[2013-07-05 10:09:12 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-05 10:09:12 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-05 10:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-05 10:08:46 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-23 18:29:08 | 001,245,588 | ---- | M] () -- C:\Users\Izolda\Documents\znaki informacyjne.pdf
[2013-06-23 18:28:47 | 000,641,425 | ---- | M] () -- C:\Users\Izolda\Documents\znaki nakazu.pdf
[2013-06-23 18:28:18 | 001,547,980 | ---- | M] () -- C:\Users\Izolda\Documents\znaki zakazu.pdf
[2013-06-23 18:27:57 | 001,109,128 | ---- | M] () -- C:\Users\Izolda\Documents\znaki ostrzegawcze.pdf
[2013-06-19 11:15:06 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Graj w League of Legends.lnk
[2013-06-17 16:27:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Room Arranger.lnk
[2013-06-17 11:36:06 | 000,269,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-06-16 17:55:54 | 000,002,393 | ---- | M] () -- C:\Users\Izolda\Documents\MumbleAutomaticCertificateBackup.p12
[2013-06-13 21:53:37 | 000,004,104 | ---- | M] () -- C:\ProgramData\ojobkspa.ako
[2013-06-13 20:40:12 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-12 08:40:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-06-12 08:40:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-06-09 18:12:00 | 000,016,655 | ---- | M] () -- C:\Users\Izolda\Documents\apart.sh3d
========== Files Created - No Company Name ==========
[2013-07-05 10:55:02 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013-07-05 10:20:19 | 000,001,102 | ---- | C] () -- C:\Users\Izolda\Desktop\GG.lnk
[2013-07-05 10:20:13 | 000,001,110 | ---- | C] () -- C:\Users\Izolda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk
[2013-07-03 00:34:17 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\Lyrmix Update.job
[2013-06-23 18:29:08 | 001,245,588 | ---- | C] () -- C:\Users\Izolda\Documents\znaki informacyjne.pdf
[2013-06-23 18:28:47 | 000,641,425 | ---- | C] () -- C:\Users\Izolda\Documents\znaki nakazu.pdf
[2013-06-23 18:28:18 | 001,547,980 | ---- | C] () -- C:\Users\Izolda\Documents\znaki zakazu.pdf
[2013-06-23 18:27:57 | 001,109,128 | ---- | C] () -- C:\Users\Izolda\Documents\znaki ostrzegawcze.pdf
[2013-06-19 11:15:06 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Graj w League of Legends.lnk
[2013-06-17 16:27:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Room Arranger.lnk
[2013-06-16 23:34:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013-06-16 17:55:54 | 000,002,393 | ---- | C] () -- C:\Users\Izolda\Documents\MumbleAutomaticCertificateBackup.p12
[2013-06-13 21:53:37 | 000,004,104 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2013-06-09 01:07:14 | 000,016,655 | ---- | C] () -- C:\Users\Izolda\Documents\apart.sh3d
[2013-05-02 12:39:16 | 000,109,696 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2013-05-02 12:39:14 | 000,091,264 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
========== ZeroAccess Check ==========
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-05-08 19:33:16 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013-07-03 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\BabSolution
[2013-06-16 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Babylon
[2013-07-03 00:48:48 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\calibre
[2013-07-03 00:34:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\DealPly
[2013-05-13 21:43:38 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\EQATEC Analytics
[2013-05-24 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\gbox
[2013-07-05 10:21:04 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GG
[2013-05-08 18:18:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GHISLER
[2013-05-08 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\IObit
[2013-06-11 08:27:18 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\LolClient
[2013-06-13 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\MOVAVI
[2013-06-16 18:28:20 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Mumble
[2013-06-15 15:08:36 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\OpenOffice.org
[2013-06-02 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Registry Mechanic
[2013-05-14 07:41:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Thunderbird
[2013-06-03 16:27:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Unity
[2013-07-03 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009-07-14 06:53:46 | 000,017,804 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009-07-14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013-05-08 18:36:19 | 000,000,930 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013-05-08 18:38:21 | 000,001,032 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013-05-08 18:38:22 | 000,001,036 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013-07-03 00:34:17 | 000,000,358 | ---- | C] () -- C:\Windows\Tasks\Lyrmix Update.job
< >
< MD5 for: AGP440.SYS >
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009-07-14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009-07-14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2013-05-08 19:42:39 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2013-05-08 19:42:39 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2009-07-14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2013-05-08 19:42:39 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2013-05-08 19:42:39 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\System32\cryptsvc.dll
[2013-05-08 19:42:39 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2013-05-08 19:07:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2013-05-08 19:07:29 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2013-05-08 18:53:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2013-05-08 19:07:29 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2013-05-08 19:07:29 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2013-05-08 19:07:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2013-05-08 18:52:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2013-05-08 18:52:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2013-05-08 18:53:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2009-07-14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009-07-14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2013-06-02 12:49:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2013-06-02 12:49:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2013-06-02 12:49:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2013-06-02 12:49:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2013-06-02 12:49:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2013-06-02 12:49:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009-07-14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009-07-14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009-07-14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009-07-14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
< MD5 for: LSASS.EXE >
[2013-05-08 19:18:55 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2013-05-08 19:18:55 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2013-05-08 19:18:55 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2013-05-08 19:33:59 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2013-05-08 19:18:55 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\System32\lsass.exe
[2013-05-08 19:18:55 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2013-05-08 19:18:55 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2013-05-08 19:33:59 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2013-05-08 19:18:55 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
< MD5 for: NDIS.SYS >
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009-07-14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009-07-14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2013-06-02 12:49:55 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2013-06-02 12:49:55 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2013-06-02 12:49:55 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\drivers\nvraid.sys
[2013-06-02 12:49:55 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvraid.sys
[2013-06-02 12:49:55 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2013-06-02 12:49:55 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2013-06-02 12:49:55 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2013-06-02 12:49:55 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2013-06-02 12:49:55 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2013-06-02 12:49:55 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2013-06-02 12:49:55 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2013-06-02 12:49:55 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SMSS.EXE >
[2013-05-08 20:11:43 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2013-05-08 20:11:43 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=37F4765554F2CD34AAAB616F696E5539 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe
[2013-05-08 20:11:43 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\System32\smss.exe
[2013-05-08 20:11:43 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe
[2013-05-08 20:11:43 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
< MD5 for: SVCHOST.EXE >
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2013-05-08 19:09:41 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2013-05-08 19:09:41 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009-07-14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013-05-08 20:04:56 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2013-05-08 20:04:56 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013-05-08 19:09:41 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013-05-08 20:04:56 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2013-05-08 19:09:41 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013-05-08 20:04:56 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\System32\drivers\tcpip.sys
[2013-05-08 20:04:56 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2013-05-08 18:53:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2013-05-08 18:53:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2013-05-08 18:53:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009-07-14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009-07-14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\5fe44affdc18e079a822517c7105c076\*.tmp files -> C:\Windows\SoftwareDistribution\Download\5fe44affdc18e079a822517c7105c076\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013-06-16 23:48:22 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Adobe
[2013-05-08 20:25:41 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Apple Computer
[2013-07-03 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\BabSolution
[2013-06-16 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Babylon
[2013-07-03 00:48:48 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\calibre
[2013-07-03 00:34:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\DealPly
[2013-05-13 21:43:38 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\EQATEC Analytics
[2013-05-24 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\gbox
[2013-07-05 10:21:04 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GG
[2013-05-08 18:18:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\GHISLER
[2013-06-12 20:29:12 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Google
[2013-05-08 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Identities
[2013-05-08 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\IObit
[2013-06-11 08:27:18 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\LolClient
[2013-05-08 18:36:28 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Macromedia
[2013-06-16 15:18:33 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Malwarebytes
[2009-07-14 10:28:09 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Media Center Programs
[2013-06-17 08:31:26 | 000,000,000 | --SD | M] -- C:\Users\Izolda\AppData\Roaming\Microsoft
[2013-06-13 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\MOVAVI
[2013-05-12 21:01:30 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Mozilla
[2013-06-16 18:28:20 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Mumble
[2013-06-02 17:27:59 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\NVIDIA
[2013-06-15 15:08:36 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\OpenOffice.org
[2013-06-02 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Registry Mechanic
[2013-06-21 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Skype
[2013-05-14 07:41:40 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Thunderbird
[2013-06-03 16:27:39 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\Unity
[2013-07-03 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\uTorrent
[2013-07-04 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Izolda\AppData\Roaming\vlc
< %APPDATA%\*.exe /s >
[2013-06-06 11:23:16 | 000,004,608 | ---- | M] () -- C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\BabMaint.exe
[2013-07-03 08:15:29 | 000,450,560 | ---- | M] (Babylon Ltd.) -- C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
[2013-03-19 16:12:05 | 000,093,728 | ---- | M] () -- C:\Users\Izolda\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
[2013-05-08 14:53:48 | 000,045,408 | ---- | M] () -- C:\Users\Izolda\AppData\Roaming\GG\ggdrive\unggdrive-menu.exe
[2013-05-09 14:46:37 | 001,044,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Izolda\AppData\Roaming\uTorrent\uTorrent.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
Re: Please check the log
< %systemroot%\system32\*.* /3 >
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:15:38 | 000,120,870 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013-07-05 10:15:38 | 000,154,276 | ---- | M] () -- C:\Windows\system32\perfc015.dat
[2013-07-05 10:15:38 | 000,651,938 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013-07-05 10:15:38 | 000,729,608 | ---- | M] () -- C:\Windows\system32\perfh015.dat
[2013-07-05 10:15:38 | 001,662,580 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"GG" = "C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe" -- [2013-06-20 13:20:18 | 003,365,440 | ---- | M] (GG Network S.A.)
"WebCake Desktop" = "C:\Users\Izolda\AppData\Roaming\WebCake\WebCakeDesktop.exe" -- [2013-06-21 02:07:33 | 000,047,896 | ---- | M] (WebCake LLC)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013-07-05 11:48:35 | 000,000,512 | ---- | M] () MD5=8E4B99DE82927A82F81046A2E7FF50AD -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2013-07-04 21:58:29 | 000,021,062 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack01-png.sol
[2013-07-04 21:58:25 | 000,031,560 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack02-png.sol
[2013-07-04 21:58:25 | 000,025,087 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack03-png.sol
[2013-07-04 21:58:27 | 000,016,798 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack04-png.sol
< *keygen* /s >
[2013-06-16 15:19:48 | 000,002,917 | ---- | M] () -- \Users\Izolda\AppData\Roaming\uTorrent\Latency Optimizer 3.0 Setup + Keygen.rar.torrent
< *AntiWPA* /s >
< *loader* /s >
[2009-05-31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011-03-25 10:05:52 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\licenses\loaderbinarylegal.txt
[2011-03-25 10:04:32 | 000,679,429 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.google.inject_1.0.0.customloader-20090412.jar
[2013-02-20 16:28:38 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013-02-20 16:28:38 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013-02-20 16:28:38 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012-02-16 14:44:38 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.30\deploy\assets\storeImages\layout\small_loader.gif
[2013-02-20 16:28:38 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013-02-20 16:28:38 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013-02-20 16:28:38 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013-06-20 13:20:16 | 000,174,761 | ---- | M] () -- \Users\Izolda\AppData\Local\GG\Application\chrome\swf\AvatarUploader.swf
[2012-09-24 14:44:50 | 000,010,819 | ---- | M] () -- \Users\Izolda\AppData\Local\Temp\ish6871719\images\loader.gif
[2010-11-20 07:28:20 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_178685823786d34d.manifest
[2010-11-20 07:38:52 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_d8268e5f2967c990.manifest
[1 \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp files -> \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp -> ]
[2013-05-08 20:03:50 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009-07-14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009-07-14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009-07-14 10:07:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f.manifest
[2009-07-14 10:07:40 | 000,035,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f_winload.exe.mui_3bc5b827
[2009-07-14 10:07:40 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f_winresume.exe.mui_ff8b5358
[2013-05-08 18:52:42 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2013-05-08 18:52:42 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2013-05-08 18:52:42 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009-07-14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009-07-14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009-07-14 10:06:29 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f.manifest
[2009-07-14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2013-05-08 18:52:31 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2013-05-08 18:52:31 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010-11-20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009-07-14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009-07-14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009-07-14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 19:50:56 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 20:01:34 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 20:03:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 19:50:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 20:01:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 20:03:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 19:50:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 20:01:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 19:50:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 20:01:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-05-08 20:03:51 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pl\System.RunTime.Serialization.Resources.dll
[2011-03-25 10:04:18 | 000,026,761 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.serialio.win32.x86_2.10.2.0.jar
[2011-03-25 10:04:16 | 000,049,506 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.serialio_2.11.4.11.jar
[2011-03-25 10:06:20 | 000,002,236 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.sonyericsson.cs.serialcommunication_2.11.4.11.jar
[2013-07-05 12:08:31 | 000,026,653 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\updates\com.serialio.win32.x86_2.13.1.1.zip-unpack
[2013-07-05 12:08:03 | 000,049,215 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\updates\com.serialio_2.13.7.201306141231.jar
[2013-07-05 12:08:15 | 000,006,000 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\updates\com.sonymobile.cs.serialcommunication_2.13.7.201306141231.jar
[1 \Program Files\Sony Ericsson\Update Service\updates\*.tmp files -> \Program Files\Sony Ericsson\Update Service\updates\*.tmp -> ]
[2013-07-05 12:07:02 | 000,057,344 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\usconfiguration\org.eclipse.osgi\bundles\9\1\.cp\lib\serialio.dll
[2009-07-14 10:07:15 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_pl_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009-06-10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_pl_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009-07-14 06:43:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2013-05-08 22:03:57 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\428143857fa1c250d50ec55132dd8a2f\System.Runtime.Serialization.ni.dll
[2009-07-14 06:43:05 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013-05-08 20:38:27 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb60d17f642ddd80e019687c1e02ba17\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013-06-02 14:42:05 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\77abf1693d291d374b58ffbbfe36d4dd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013-06-02 14:42:26 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
[2013-06-02 14:45:58 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\058c3947c450591cb81643529cfd5ca7\System.Xml.Serialization.ni.dll
[2013-05-13 15:27:09 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_pl_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013-06-02 13:22:11 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013-05-13 15:27:09 | 000,108,424 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_pl_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013-06-02 13:22:09 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013-06-02 13:22:15 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009-06-10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009-07-14 10:07:15 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\pl\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010-03-18 13:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010-03-18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011-04-06 16:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2010-06-14 21:38:44 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\pl\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010-06-14 21:38:44 | 000,108,424 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\pl\System.RunTime.Serialization.resources.dll
[2010-11-20 05:06:18 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_hu-hu_1778ab4419ab99ad.manifest
[2010-11-20 05:00:14 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_nl-nl_28520112cd09eae9.manifest
[2010-11-20 05:09:30 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_sv-se_0bbde5ad62777806.manifest
[2010-11-20 05:54:04 | 000,001,638 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_zh-cn_493a46a2345c6076.manifest
[1 \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp files -> \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp -> ]
[2009-07-14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009-07-14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009-07-14 10:07:22 | 000,010,752 | ---- | M] () -- \Windows\System32\drivers\pl-PL\serial.sys.mui
[2009-07-14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009-07-14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009-07-14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009-07-14 10:07:17 | 000,005,120 | ---- | M] () -- \Windows\System32\pl-PL\serialui.dll.mui
[2009-07-14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009-07-14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009-07-14 10:07:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_90dfcef19a232006_serialui.dll.mui_7d29d2a3
[2009-07-14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009-07-14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2013-05-08 20:02:31 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009.manifest
[2013-05-08 20:02:31 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01.manifest
[2010-11-20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009-07-14 10:06:47 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_pl-pl_8352a14308925f1f.manifest
[2013-05-08 20:02:32 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.17136_pl-pl_834d8b370896f692.manifest
[2013-05-08 20:02:32 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.21337_pl-pl_6c7fcd8b223e708a.manifest
[2009-07-14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2013-05-08 20:02:31 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c.manifest
[2013-05-08 20:02:31 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34.manifest
[2010-11-20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009-07-14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009-07-14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009-07-14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2013-05-08 20:02:31 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e.manifest
[2013-05-08 20:02:31 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576.manifest
[2010-11-20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009-06-10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009-07-14 10:07:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_pl-pl_24c09b235e7777b3\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009-06-10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01\System.Runtime.Serialization.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_pl-pl_8352a14308925f1f\System.RunTime.Serialization.Resources.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.17136_pl-pl_834d8b370896f692\System.RunTime.Serialization.Resources.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.21337_pl-pl_6c7fcd8b223e708a\System.RunTime.Serialization.Resources.dll
[2009-06-10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34\System.Runtime.Serialization.dll
[2009-07-14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009-07-14 10:07:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_02a1585361ce6ea8\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009-07-14 10:07:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_90dfcef19a232006\serialui.dll.mui
[2009-07-14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_9fe8fff108f734e5\System.RunTime.Serialization.Resources.dll
[2009-07-14 10:07:22 | 000,010,752 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_072b0fe602b4bfaf\serial.sys.mui
[2009-07-14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009-07-14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009-06-10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576\System.Runtime.Serialization.dll
< *w7lxe* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
< End of report >
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:16:19 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-05 10:15:38 | 000,120,870 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013-07-05 10:15:38 | 000,154,276 | ---- | M] () -- C:\Windows\system32\perfc015.dat
[2013-07-05 10:15:38 | 000,651,938 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013-07-05 10:15:38 | 000,729,608 | ---- | M] () -- C:\Windows\system32\perfh015.dat
[2013-07-05 10:15:38 | 001,662,580 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"GG" = "C:\Users\Izolda\AppData\Local\GG\Application\gghub.exe" -- [2013-06-20 13:20:18 | 003,365,440 | ---- | M] (GG Network S.A.)
"WebCake Desktop" = "C:\Users\Izolda\AppData\Roaming\WebCake\WebCakeDesktop.exe" -- [2013-06-21 02:07:33 | 000,047,896 | ---- | M] (WebCake LLC)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013-07-05 11:48:35 | 000,000,512 | ---- | M] () MD5=8E4B99DE82927A82F81046A2E7FF50AD -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2013-07-04 21:58:29 | 000,021,062 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack01-png.sol
[2013-07-04 21:58:25 | 000,031,560 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack02-png.sol
[2013-07-04 21:58:25 | 000,025,087 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack03-png.sol
[2013-07-04 21:58:27 | 000,016,798 | ---- | M] () -- \Users\Izolda\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C2U6R6TM\s2lopl.oasgames.com\mapmaterial-floo#\r-dungeon-floor-crack04-png.sol
< *keygen* /s >
[2013-06-16 15:19:48 | 000,002,917 | ---- | M] () -- \Users\Izolda\AppData\Roaming\uTorrent\Latency Optimizer 3.0 Setup + Keygen.rar.torrent
< *AntiWPA* /s >
< *loader* /s >
[2009-05-31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011-03-25 10:05:52 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\licenses\loaderbinarylegal.txt
[2011-03-25 10:04:32 | 000,679,429 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.google.inject_1.0.0.customloader-20090412.jar
[2013-02-20 16:28:38 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013-02-20 16:28:38 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013-02-20 16:28:38 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012-02-16 14:44:38 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.30\deploy\assets\storeImages\layout\small_loader.gif
[2013-02-20 16:28:38 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013-02-20 16:28:38 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013-02-20 16:28:38 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013-06-20 13:20:16 | 000,174,761 | ---- | M] () -- \Users\Izolda\AppData\Local\GG\Application\chrome\swf\AvatarUploader.swf
[2012-09-24 14:44:50 | 000,010,819 | ---- | M] () -- \Users\Izolda\AppData\Local\Temp\ish6871719\images\loader.gif
[2010-11-20 07:28:20 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_178685823786d34d.manifest
[2010-11-20 07:38:52 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_d8268e5f2967c990.manifest
[1 \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp files -> \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp -> ]
[2013-05-08 20:03:50 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009-07-14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009-07-14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009-07-14 10:07:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f.manifest
[2009-07-14 10:07:40 | 000,035,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f_winload.exe.mui_3bc5b827
[2009-07-14 10:07:40 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f_winresume.exe.mui_ff8b5358
[2013-05-08 18:52:42 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2013-05-08 18:52:42 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2013-05-08 18:52:42 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009-07-14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009-07-14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009-07-14 10:06:29 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_75b75c09b381d59f.manifest
[2009-07-14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2013-05-08 18:52:31 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2013-05-08 18:52:31 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010-11-20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2010-11-20 05:54:04 | 000,001,638 | ---- | M] () -- \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_zh-cn_493a46a2345c6076.manifest
[1 \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp files -> \Windows\SoftwareDistribution\Download\45dd4c84346a475c7dbf02dcb6d507b2\*.tmp -> ]
[2009-07-14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009-07-14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009-07-14 10:07:22 | 000,010,752 | ---- | M] () -- \Windows\System32\drivers\pl-PL\serial.sys.mui
[2009-07-14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009-07-14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009-07-14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009-07-14 10:07:17 | 000,005,120 | ---- | M] () -- \Windows\System32\pl-PL\serialui.dll.mui
[2009-07-14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009-07-14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009-07-14 10:07:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_90dfcef19a232006_serialui.dll.mui_7d29d2a3
[2009-07-14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009-07-14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2013-05-08 20:02:31 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009.manifest
[2013-05-08 20:02:31 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01.manifest
[2010-11-20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009-07-14 10:06:47 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_pl-pl_8352a14308925f1f.manifest
[2013-05-08 20:02:32 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.17136_pl-pl_834d8b370896f692.manifest
[2013-05-08 20:02:32 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.21337_pl-pl_6c7fcd8b223e708a.manifest
[2009-07-14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2013-05-08 20:02:31 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c.manifest
[2013-05-08 20:02:31 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34.manifest
[2010-11-20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009-07-14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009-07-14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009-07-14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2013-05-08 20:02:31 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e.manifest
[2013-05-08 20:02:31 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576.manifest
[2010-11-20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009-06-10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009-07-14 10:07:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_pl-pl_24c09b235e7777b3\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009-06-10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01\System.Runtime.Serialization.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_pl-pl_8352a14308925f1f\System.RunTime.Serialization.Resources.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.17136_pl-pl_834d8b370896f692\System.RunTime.Serialization.Resources.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.21337_pl-pl_6c7fcd8b223e708a\System.RunTime.Serialization.Resources.dll
[2009-06-10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34\System.Runtime.Serialization.dll
[2009-07-14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009-07-14 10:07:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_02a1585361ce6ea8\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009-07-14 10:07:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_90dfcef19a232006\serialui.dll.mui
[2009-07-14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009-07-14 10:07:28 | 000,098,304 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_9fe8fff108f734e5\System.RunTime.Serialization.Resources.dll
[2009-07-14 10:07:22 | 000,010,752 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_072b0fe602b4bfaf\serial.sys.mui
[2009-07-14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009-07-14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009-06-10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e\System.Runtime.Serialization.dll
[2013-05-08 20:02:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576\System.Runtime.Serialization.dll
< *w7lxe* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
< End of report >
Re: Please check my log
OTL Extras logfile created on: 2013-07-05 11:46:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Izolda\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,58% Memory free
6,00 Gb Paging File | 3,58 Gb Available in Paging File | 59,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,07 Gb Total Space | 85,20 Gb Free Space | 69,79% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 35,30 Gb Free Space | 90,37% Space Free | Partition Type: NTFS
Drive E: | 88,49 Gb Total Space | 72,67 Gb Free Space | 82,12% Space Free | Partition Type: NTFS
Drive F: | 110,81 Gb Total Space | 109,42 Gb Free Space | 98,75% Space Free | Partition Type: NTFS
Drive H: | 21,39 Gb Total Space | 15,18 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Computer Name: IZOLDA-KOMPUTER | User Name: Izolda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-789164051-474290672-4144500938-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{352F0624-BCFD-4F45-8761-8AEDF86DF101}" = lport=58695 | protocol=17 | dir=in | name=pando media booster |
"{41A8FEA4-86D1-4A6A-9A83-417072174EE2}" = lport=58695 | protocol=17 | dir=in | name=pando media booster |
"{45447406-8854-4137-9BA2-360D3E05905C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{757243D6-32BF-45E7-9528-E0750725FBAE}" = lport=58695 | protocol=6 | dir=in | name=pando media booster |
"{B5810684-7FFA-4261-82D3-7ABC94C1FD8F}" = lport=58695 | protocol=6 | dir=in | name=pando media booster |
"{C201F5B1-5AE7-479A-B2EE-FE9EBB43D248}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EC5573D-F112-42E4-89EA-687F0B94290C}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{35BC13B9-A433-4E86-875B-81BA06C5ADE4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3767E7F6-FC18-491F-A5FB-E5F67D3A4453}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{478CD348-EF2D-4ED9-98DF-4BEDE5393A79}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{54F535A4-E271-4547-8612-0480CC450A7B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{66AD5983-7A71-40DA-A871-E0062DA8268A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{6B61D682-B681-45BF-A4C6-2F443C948A23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{901A16E3-399D-4898-B454-29DC4991361E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{24DB3DB7-C034-4E71-BA60-6093DAD9BFEB}C:\users\izolda\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\izolda\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{3F897B49-94C5-47D3-AE9B-694A1769A61F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{0BD00D63-EA71-45DB-AB38-983598C00870}C:\users\izolda\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\izolda\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{423856C5-18CF-476E-AA2E-68774DB2D46D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{5FAAF154-B112-42B1-B726-C9F084F16E93}" = Ingamba GameGate
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Polish
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Google Chrome" = Google Chrome
"lyrmix@lyrmix.net" = Lyrmix
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Thunderbird 17.0.5 (x86 pl)" = Mozilla Thunderbird 17.0.5 (x86 pl)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Room Arranger" = Room Arranger
"Totalcmd" = Total Commander (Remove or Repair)
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-789164051-474290672-4144500938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2013-06-21 09:03:35 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-06-22 04:00:25 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-06-23 23:18:21 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-06-29 16:57:04 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-07-02 13:47:26 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-07-02 18:36:08 | Computer Name = Izolda-Komputer | Source = Application Hang | ID = 1002
Description = Program VuuPC_setup.exe w wersji 0.0.0.0 zatrzymal interakcje z systemem
Windows i zostal zamkniety. Aby zobaczyc, czy jest dostepnych wiecej informacji
dotyczacych tego problemu, sprawdz historie problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 1380 Godzina rozpoczecia: 01ce777418ff6710 Godzina zakonczenia:
13 Sciezka aplikacji: C:\Users\Izolda\Downloads\VuuPC_setup.exe Identyfikator raportu:
Error - 2013-07-03 03:04:38 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-07-03 10:18:16 | Computer Name = Izolda-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodujacej blad: GUninstaller.exe, wersja: 9.1.2.2,
sygnatura czasowa: 0x51bd7a12 Nazwa modulu powodujacego blad: GUninstaller.exe,
wersja: 9.1.2.2, sygnatura czasowa: 0x51bd7a12 Kod wyjatku: 0xc0000005 Przesuniecie
bledu: 0x000425f0 Identyfikator procesu powodujacego blad: 0x8e8 Godzina uruchomienia
aplikacji powodujacej blad: 0x01ce77f827d6e2c0 Sciezka aplikacji powodujacej blad:
C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe Sciezka modulu
powodujacego blad: C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
Identyfikator
raportu: 66a4a4b0-e3eb-11e2-91d5-002522bc9a22
Error - 2013-07-03 10:18:42 | Computer Name = Izolda-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodujacej blad: GUninstaller.exe, wersja: 9.1.2.2,
sygnatura czasowa: 0x51bd7a12 Nazwa modulu powodujacego blad: GUninstaller.exe,
wersja: 9.1.2.2, sygnatura czasowa: 0x51bd7a12 Kod wyjatku: 0xc0000005 Przesuniecie
bledu: 0x000425f0 Identyfikator procesu powodujacego blad: 0xa10 Godzina uruchomienia
aplikacji powodujacej blad: 0x01ce77f838722310 Sciezka aplikacji powodujacej blad:
C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe Sciezka modulu
powodujacego blad: C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
Identyfikator
raportu: 76611dc0-e3eb-11e2-91d5-002522bc9a22
Error - 2013-07-05 04:07:10 | Computer Name = Izolda-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodujacej blad: GUninstaller.exe, wersja: 9.1.2.2,
sygnatura czasowa: 0x51bd7a12 Nazwa modulu powodujacego blad: GUninstaller.exe,
wersja: 9.1.2.2, sygnatura czasowa: 0x51bd7a12 Kod wyjatku: 0xc0000005 Przesuniecie
bledu: 0x000425f0 Identyfikator procesu powodujacego blad: 0xb4c Godzina uruchomienia
aplikacji powodujacej blad: 0x01ce7956a4a84aa0 Sciezka aplikacji powodujacej blad:
C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe Sciezka modulu
powodujacego blad: C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
Identyfikator
raportu: e3dc4870-e549-11e2-a748-002522bc9a22
[ System Events ]
Error - 2013-06-24 04:33:29 | Computer Name = Izolda-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostalo przerwane, poniewaz nie
mozna powiekszyc magazynu kopii w tle z powodu limitu wprowadzonego przez uzytkownika.
Error - 2013-06-24 07:53:57 | Computer Name = Izolda-Komputer | Source = Service Control Manager | ID = 7023
Description = Usluga Publikacja zasobow odnajdowania funkcji zakonczyla dzialanie;
wystapil nastepujacy blad: %%-2147014847
Error - 2013-07-01 05:26:15 | Computer Name = Izolda-Komputer | Source = NetBT | ID = 4321
Description = Nie mozna zarejestrowac nazwy „WORKGROUP :1d” w interfejsie o
adresie IP 194.150.239.18. Komputer o adresie IP 194.150.239.121 nie zezwolil na
przejecie tej nazwy przez ten komputer.
Error - 2013-07-01 12:48:04 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-01 13:00:01 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-01 14:14:54 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-02 04:11:47 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-02 12:29:11 | Computer Name = Izolda-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamkniecie systemu przy 18:28:29 na ?2013-?07-?02 bylo
nieoczekiwane.
Error - 2013-07-02 13:06:01 | Computer Name = Izolda-Komputer | Source = BROWSER | ID = 8032
Description =
Error - 2013-07-03 10:20:18 | Computer Name = Izolda-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamkniecie systemu przy 16:19:08 na ?2013-?07-?03 bylo
nieoczekiwane.
< End of report >
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EC5573D-F112-42E4-89EA-687F0B94290C}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{35BC13B9-A433-4E86-875B-81BA06C5ADE4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3767E7F6-FC18-491F-A5FB-E5F67D3A4453}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{478CD348-EF2D-4ED9-98DF-4BEDE5393A79}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{54F535A4-E271-4547-8612-0480CC450A7B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{66AD5983-7A71-40DA-A871-E0062DA8268A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{6B61D682-B681-45BF-A4C6-2F443C948A23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{901A16E3-399D-4898-B454-29DC4991361E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{24DB3DB7-C034-4E71-BA60-6093DAD9BFEB}C:\users\izolda\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\izolda\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{3F897B49-94C5-47D3-AE9B-694A1769A61F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{0BD00D63-EA71-45DB-AB38-983598C00870}C:\users\izolda\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\izolda\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{423856C5-18CF-476E-AA2E-68774DB2D46D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{5FAAF154-B112-42B1-B726-C9F084F16E93}" = Ingamba GameGate
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Polish
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Google Chrome" = Google Chrome
"lyrmix@lyrmix.net" = Lyrmix
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Thunderbird 17.0.5 (x86 pl)" = Mozilla Thunderbird 17.0.5 (x86 pl)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Room Arranger" = Room Arranger
"Totalcmd" = Total Commander (Remove or Repair)
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-789164051-474290672-4144500938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2013-06-21 09:03:35 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-06-22 04:00:25 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-06-23 23:18:21 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-06-29 16:57:04 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-07-02 13:47:26 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-07-02 18:36:08 | Computer Name = Izolda-Komputer | Source = Application Hang | ID = 1002
Description = Program VuuPC_setup.exe w wersji 0.0.0.0 zatrzymal interakcje z systemem
Windows i zostal zamkniety. Aby zobaczyc, czy jest dostepnych wiecej informacji
dotyczacych tego problemu, sprawdz historie problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 1380 Godzina rozpoczecia: 01ce777418ff6710 Godzina zakonczenia:
13 Sciezka aplikacji: C:\Users\Izolda\Downloads\VuuPC_setup.exe Identyfikator raportu:
Error - 2013-07-03 03:04:38 | Computer Name = Izolda-Komputer | Source = SideBySide | ID = 16842785
Description = Nie mozna wygenerowac kontekstu aktywacji dla "c:\totalcmd\TCUNIN64.EXE".
Nie
mozna odnalezc zestawu zaleznego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Uzyj
narzedzia sxstrace.exe, aby uzyskac szczegolowa diagnoze.
Error - 2013-07-03 10:18:16 | Computer Name = Izolda-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodujacej blad: GUninstaller.exe, wersja: 9.1.2.2,
sygnatura czasowa: 0x51bd7a12 Nazwa modulu powodujacego blad: GUninstaller.exe,
wersja: 9.1.2.2, sygnatura czasowa: 0x51bd7a12 Kod wyjatku: 0xc0000005 Przesuniecie
bledu: 0x000425f0 Identyfikator procesu powodujacego blad: 0x8e8 Godzina uruchomienia
aplikacji powodujacej blad: 0x01ce77f827d6e2c0 Sciezka aplikacji powodujacej blad:
C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe Sciezka modulu
powodujacego blad: C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
Identyfikator
raportu: 66a4a4b0-e3eb-11e2-91d5-002522bc9a22
Error - 2013-07-03 10:18:42 | Computer Name = Izolda-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodujacej blad: GUninstaller.exe, wersja: 9.1.2.2,
sygnatura czasowa: 0x51bd7a12 Nazwa modulu powodujacego blad: GUninstaller.exe,
wersja: 9.1.2.2, sygnatura czasowa: 0x51bd7a12 Kod wyjatku: 0xc0000005 Przesuniecie
bledu: 0x000425f0 Identyfikator procesu powodujacego blad: 0xa10 Godzina uruchomienia
aplikacji powodujacej blad: 0x01ce77f838722310 Sciezka aplikacji powodujacej blad:
C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe Sciezka modulu
powodujacego blad: C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
Identyfikator
raportu: 76611dc0-e3eb-11e2-91d5-002522bc9a22
Error - 2013-07-05 04:07:10 | Computer Name = Izolda-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodujacej blad: GUninstaller.exe, wersja: 9.1.2.2,
sygnatura czasowa: 0x51bd7a12 Nazwa modulu powodujacego blad: GUninstaller.exe,
wersja: 9.1.2.2, sygnatura czasowa: 0x51bd7a12 Kod wyjatku: 0xc0000005 Przesuniecie
bledu: 0x000425f0 Identyfikator procesu powodujacego blad: 0xb4c Godzina uruchomienia
aplikacji powodujacej blad: 0x01ce7956a4a84aa0 Sciezka aplikacji powodujacej blad:
C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe Sciezka modulu
powodujacego blad: C:\Users\Izolda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
Identyfikator
raportu: e3dc4870-e549-11e2-a748-002522bc9a22
[ System Events ]
Error - 2013-06-24 04:33:29 | Computer Name = Izolda-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostalo przerwane, poniewaz nie
mozna powiekszyc magazynu kopii w tle z powodu limitu wprowadzonego przez uzytkownika.
Error - 2013-06-24 07:53:57 | Computer Name = Izolda-Komputer | Source = Service Control Manager | ID = 7023
Description = Usluga Publikacja zasobow odnajdowania funkcji zakonczyla dzialanie;
wystapil nastepujacy blad: %%-2147014847
Error - 2013-07-01 05:26:15 | Computer Name = Izolda-Komputer | Source = NetBT | ID = 4321
Description = Nie mozna zarejestrowac nazwy „WORKGROUP :1d” w interfejsie o
adresie IP 194.150.239.18. Komputer o adresie IP 194.150.239.121 nie zezwolil na
przejecie tej nazwy przez ten komputer.
Error - 2013-07-01 12:48:04 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-01 13:00:01 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-01 14:14:54 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-02 04:11:47 | Computer Name = Izolda-Komputer | Source = bowser | ID = 8003
Description =
Error - 2013-07-02 12:29:11 | Computer Name = Izolda-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamkniecie systemu przy 18:28:29 na ?2013-?07-?02 bylo
nieoczekiwane.
Error - 2013-07-02 13:06:01 | Computer Name = Izolda-Komputer | Source = BROWSER | ID = 8032
Description =
Error - 2013-07-03 10:20:18 | Computer Name = Izolda-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamkniecie systemu przy 16:19:08 na ?2013-?07-?03 bylo
nieoczekiwane.
< End of report >
Re: Request for a log check



If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
Re: Request for a log check
OK, I'm on it; regarding Windows, I replied by e-mail.
Re: Request for a log check
Resolved by e-mail.

If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).