szelo
-
Postów
42 -
Dołączył
-
Ostatnia wizyta
Odpowiedzi opublikowane przez szelo
-
-
Witam.
Mam przeczucie, że mogę mieć key loggera zainstalowanego albo inny monitorujący program. Czy mógłbym prosić o spojrzenie na logi z OTL
otl:
extras:
Dzięki za ewentualną pomoc
-
ok ogarne dzisiaj wieczorkiem i odezwe sie jak zrobie
Zrobiłem co kazaliście. Faktycznie problemem byl Symantec, coś mu się popieprzyło i zablokował cały ruch. oto wynik z otl po skrypcie: http://wklejto.pl/116639
Problem zniknął w każdym razie, dzięki za pomoc
-
Tak też zrobię jeżeli nic nie będzie w logach
-
Noda zainstalowałem przed chwila tylko żeby przeskanować dodatkowo, już jest usunięty. A Symantec antywir i firewall działał normalnie cały czas i nie było problemu.
-
Nazwa tematu banalna ale problem jest następujący. Stacjonarny komputer jest podłączony do routera wifi przez kabel oraz może być połączona przez wifi. Oba połączenia dają rezultat POŁĄCZONO. Gdy włączam cokolwiek co wymaga internetu (przeglądarka, aktualizacja windowsa, aktualizacja antywira) pokazuje się brak połączenia w danym programie. Próba wejścia na router 192.168.1.1 tez nic nie daje (komunikat o braku połączenia internetowego). Ale gdy przyszedłem z laptopem połączyłem się po wifi oraz po kablu i wszystko działa. Mogę oglądać strony oraz łączyć się z routerem. Przeskanowałem stacjonare swierzo co zainstalowanym nodem ale nic nie wykrył ( ściągnąłem instalke na lapie i zgrałem na stacjonarke wiec może nie zassał bazy wirusów bo przecież nie ma internetu). Przeskanowałem tez symantec antywirus który był już wcześniej zainstalowany na tym kompie i tez nic nie wykrył.
log z OTL http://www.wklejto.pl/116417
extras: http://www.wklejto.pl/116418
GMER log wstępny http://www.wklejto.pl/116419
Pełny log z GMERA http://www.wklejto.pl/116420
Aha system to windows xp Home edition wersja 2002 , sp 3 32 bit
Pozdrawiam.
P.S. mam nadzieję że o niczym nie zapomniałem
-
Witam. Jeden z moich laptopów zaczął wolno chodzić i gdy wydaje sie mu szybko polecenia to potrafi sie zamulić. Czyściłem ccleanerem ale nic nie dało, wirusów nie ma według noda najnowszego.
system windows vista buisnes 32 bit
logi z OTL
Pozdrawiam
-
jestem pod wrazeniem
wielkie dzieki dziala -
czesc. jestem wlasnie u znajomego zaraz wklejam loga bo udal osie uduchomic systemloka z ta komenda ktora podalas
OTL sie nie uruchomil, plik secur32.dll podmienilem spowrotem, a to jest log z systemlooka x64:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:05 on 08/12/2011 by Adam
Administrator - Elevation successful
========== filefind ==========
Searching for "secur32.dll"
C:\Users\Adam\Desktop\secur32\SECUR32.DLL --a---- 25088 bytes [18:02 06/12/2011] [10:11 24/08/1996] 1B6D1A0A0EDB5B41ADFEE6874F3761EC
C:\Windows\System32\secur32.dll --a---- 94720 bytes [14:17 25/08/2010] [15:12 15/06/2009] 3CDA5BDDDE0DC63907CD56DE7F74F852
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_0032644a183d9898\secur32.dll --a---- 94720 bytes [09:25 02/11/2006] [11:19 02/11/2006] 42F2D0BB87EA6AD26344443A8CB48B6D
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_006d4b9418124aab\secur32.dll --a---- 95232 bytes [14:24 25/08/2010] [07:47 13/02/2009] A153DBDCECC751518A4FB751A0874C66
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_00373bf8183ad660\secur32.dll --a---- 95232 bytes [14:17 25/08/2010] [15:43 15/06/2009] 7C04D1B8FCE3D607B7FF8E8870ADB201
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_0101906d312801c6\secur32.dll --a---- 95232 bytes [14:24 25/08/2010] [07:26 13/02/2009] F9141FCBC65234B0183F5E37ADF53F91
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_00d282d7314a3edc\secur32.dll --a---- 95232 bytes [14:27 25/08/2010] [15:46 15/06/2009] 2EEB462220AC39E44E02B26F0DB0A2F0
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_00fbc3d9312b9991\secur32.dll --a---- 95232 bytes [14:17 25/08/2010] [18:02 10/09/2009] CF3C78342077960C1E13258971CEC595
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_026926461528a96c\secur32.dll --a---- 94208 bytes [13:56 25/08/2010] [22:04 18/01/2008] A6F16398AE7BCA9EDC5D58930F7977D6
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_02635b98152c3e5e\secur32.dll --a---- 94720 bytes [14:24 25/08/2010] [08:57 13/02/2009] 8F02ABEA663513D7CBC0EAB69A27CCF2
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_021f7b32155f99ff\secur32.dll --a---- 94720 bytes [14:17 25/08/2010] [15:46 15/06/2009] F293FFFD27861570B885DB3DAD275322
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_02ad19252e799f25\secur32.dll --a---- 94720 bytes [14:24 25/08/2010] [08:54 13/02/2009] 0BA1D32BD5206BB874651537A6F0E687
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_02bcb9272e6ecc60\secur32.dll --a---- 94720 bytes [14:27 25/08/2010] [15:17 15/06/2009] 791F79BCD8CBB6A279C5F3AB0A2DB6E5
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_02effd0d2e47247b\secur32.dll --a---- 94720 bytes [14:17 25/08/2010] [13:41 09/09/2009] 19C43B2D1841A7A3FDBD701414752D5A
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_04549f52124a74b8\secur32.dll --a---- 94720 bytes [16:30 25/08/2010] [22:11 10/04/2009] 97336AD6190E2AD0AE7276D5154B6445
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_041a8e8e12769b11\secur32.dll --a---- 94720 bytes [14:17 25/08/2010] [15:12 15/06/2009] 3CDA5BDDDE0DC63907CD56DE7F74F852
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_04a52ba32b935432\secur32.dll --a---- 94720 bytes [14:27 25/08/2010] [15:12 15/06/2009] FB2FD0260980D8132BA451117D2CBDBE
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_04c69d972b7a16dd\secur32.dll --a---- 94720 bytes [14:17 25/08/2010] [20:45 10/09/2009] C1B1CCB293E602DCCE74F3A4CF8D414C
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_0a870e9c4c9e5a93\secur32.dll --a---- 77312 bytes [12:13 02/11/2006] [09:44 02/11/2006] FB4478E2168CD1BEF56371D0B0EB0907
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_0ac1f5e64c730ca6\secur32.dll --a---- 77312 bytes [14:24 25/08/2010] [07:25 13/02/2009] 1C88461C0B454D869ABCD41B7767E3ED
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_0a8be64a4c9b985b\secur32.dll --a---- 77312 bytes [14:17 25/08/2010] [15:30 15/06/2009] B616A2A23453B21CE8C6B829B1FFD178
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_0b563abf6588c3c1\secur32.dll --a---- 77312 bytes [14:24 25/08/2010] [07:16 13/02/2009] 2A3A97BD8C417D5AEA7DEA8B46734DF0
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_0b272d2965ab00d7\secur32.dll --a---- 77312 bytes [14:27 25/08/2010] [15:09 15/06/2009] A050118CC7912F7A9602B7C62F4FB594
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_0b506e2b658c5b8c\secur32.dll --a---- 77312 bytes [14:17 25/08/2010] [17:31 10/09/2009] F8CC4D7C322F213D0E889BB94914716A
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_0cbdd09849896b67\secur32.dll --a---- 76800 bytes [13:56 25/08/2010] [21:32 18/01/2008] 510703CDE2E69E483FBF330101134B3A
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_0cb805ea498d0059\secur32.dll --a---- 76800 bytes [14:24 25/08/2010] [08:47 13/02/2009] 501926DD7C514A2A622BC147881A8C69
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_0c74258449c05bfa\secur32.dll --a---- 76800 bytes [14:17 25/08/2010] [15:25 15/06/2009] AE15F258520720056E4C815F466BE8C1
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_0d01c37762da6120\secur32.dll --a---- 76800 bytes [14:24 25/08/2010] [08:19 13/02/2009] F502C65F8BB975B4D2F55B91BCD2B059
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_0d11637962cf8e5b\secur32.dll --a---- 76800 bytes [14:27 25/08/2010] [15:26 15/06/2009] CBF10DEDFFBEC369349A7DCAB914CD4E
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_0d44a75f62a7e676\secur32.dll --a---- 76800 bytes [14:17 25/08/2010] [13:17 09/09/2009] CF48BECF61731C62175DC0E6E9DCC8A5
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_0ea949a446ab36b3\secur32.dll --a---- 77312 bytes [16:30 25/08/2010] [21:26 10/04/2009] 7BC0997C62B9FF56D63EAD4B66E55861
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_0ef9d5f55ff4162d\secur32.dll --a---- 77312 bytes [14:27 25/08/2010] [15:00 15/06/2009] 22685C8F3E4361FD339055D9BC250E07
C:\Windows\winsxs\wow64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_0f1b47e95fdad8d8\secur32.dll --a---- 77312 bytes [14:17 25/08/2010] [17:10 10/09/2009] 102D2452D1BC1099849C2641DFC843B8
-= EOF =-
-
Skanujac kompa kolegi postanowilem przeskanowac swojego
I wyżej wymieniony skaner znalazł mi jakies syfy z którymi nie potrafi nic zdzialac. moj system to oryginalny windows 7 PRO wersja angielska 32 bityOgólnie nic sie nie dzije z kompem tylko te wyniki skanowania :/
OTL Extras logfile created on: 2011-12-07 18:10:44 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\szelo\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,28% Memory free 6,00 Gb Paging File | 3,81 Gb Available in Paging File | 63,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 15,84 Gb Free Space | 10,63% Space Free | Partition Type: NTFS Drive D: | 137,32 Gb Total Space | 20,06 Gb Free Space | 14,61% Space Free | Partition Type: NTFS Drive G: | 11,73 Gb Total Space | 2,48 Gb Free Space | 21,18% Space Free | Partition Type: NTFS Computer Name: SZELO-PC | User Name: szelo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{17736C93-2694-488B-9F8A-0CA46E952FDD}" = Wonderware InTouch "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CD25EFF-907C-463F-A5C6-E48C5E566D68}" = Ace of Spades "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{650E4124-292E-4638-944C-99A880C9D0F0}" = Oracle VM VirtualBox 4.1.6 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EAA5ED-7DDF-4647-8F90-C746BEB246F8}" = LG United Mobile Drivers "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.6 - Polish "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB87675F-5281-4767-A54B-31931794C23D}" = OpenOffice.org 3.3 "{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3 "{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BandiMPEG1" = Bandisoft MPEG-1 Decoder "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full) "LG PC Suite IV" = LG PC Suite IV "LOLReplay" = LOLReplay "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Miranda GG" = Miranda GG 0.8.27 "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 1836) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Orcs Must Die!_is1" = Orcs Must Die! "PunkBusterSvc" = PunkBuster Services "SkanerOnline" = Skaner on-line mks_vir "SpeedFan" = SpeedFan (remove only) "Steam App 10" = Counter-Strike "Steam App 102200" = Runespell: Overture "Steam App 110400" = inMomentum "Steam App 12750" = GRID "Steam App 24240" = PAYDAY: The Heist "Steam App 440" = Team Fortress 2 "Steam App 4540" = Titan Quest "Steam App 4550" = Titan Quest: Immortal Throne "Steam App 570" = Dota 2 "Steam App 90530" = Rise of Immortals "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "Tunngle beta_is1" = Tunngle beta "Uplink" = Uplink "uTorrent" = µTorrent "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = WinRAR 4.01 (32-bitowy) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-4103703788-544303205-2323553924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >OTL logfile created on: 2011-12-07 18:10:44 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\szelo\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,28% Memory free 6,00 Gb Paging File | 3,81 Gb Available in Paging File | 63,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 15,84 Gb Free Space | 10,63% Space Free | Partition Type: NTFS Drive D: | 137,32 Gb Total Space | 20,06 Gb Free Space | 14,61% Space Free | Partition Type: NTFS Drive G: | 11,73 Gb Total Space | 2,48 Gb Free Space | 21,18% Space Free | Partition Type: NTFS Computer Name: SZELO-PC | User Name: szelo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-12-07 13:18:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\szelo\Downloads\OTL.exe PRC - [2011-11-05 07:08:00 | 000,372,736 | ---- | M] () -- C:\Users\szelo\Desktop\easy_shutdown_scheduler.exe PRC - [2011-11-03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011-11-01 09:52:08 | 000,040,960 | ---- | M] () -- C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE PRC - [2011-10-22 09:13:16 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-10-15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011-10-15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-10-14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe PRC - [2011-09-19 17:21:45 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe PRC - [2011-08-02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-02-19 12:46:34 | 004,431,016 | ---- | M] (Thorvald Natvig) -- C:\Program Files\Mumble\mumble.exe PRC - [2010-11-20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-07-29 20:04:22 | 000,785,503 | ---- | M] ( ) -- C:\Program Files\Miranda GG\miranda32.exe PRC - [2008-11-14 21:42:00 | 000,032,845 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files\Common Files\ArchestrA\NTServApp.exe PRC - [2008-09-24 10:49:56 | 000,049,152 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files\Common Files\ArchestrA\slssvc.exe PRC - [2008-06-20 06:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-11-15 06:39:54 | 000,420,920 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll MOD - [2011-11-15 06:39:53 | 003,702,840 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll MOD - [2011-11-15 06:38:32 | 000,518,200 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\libglesv2.dll MOD - [2011-11-15 06:38:31 | 000,112,696 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\libegl.dll MOD - [2011-11-15 06:38:16 | 000,122,952 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll MOD - [2011-11-15 06:38:15 | 000,222,280 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll MOD - [2011-11-15 06:38:14 | 001,746,504 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll MOD - [2011-11-15 03:36:18 | 008,593,056 | ---- | M] () -- C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll MOD - [2011-11-13 09:54:02 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll MOD - [2011-11-13 09:53:59 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll MOD - [2011-11-13 09:53:57 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll MOD - [2011-11-13 09:53:55 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll MOD - [2011-11-13 09:53:53 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll MOD - [2011-11-05 07:08:00 | 000,372,736 | ---- | M] () -- C:\Users\szelo\Desktop\easy_shutdown_scheduler.exe MOD - [2011-11-01 09:52:08 | 000,040,960 | ---- | M] () -- C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE MOD - [2011-10-24 10:36:23 | 000,020,848 | ---- | M] () -- C:\Program Files\Mumble\plugins\bfbc2.dll MOD - [2011-10-16 07:03:18 | 000,037,744 | ---- | M] () -- C:\Program Files\Mumble\plugins\css.dll MOD - [2011-10-13 08:40:11 | 000,022,384 | ---- | M] () -- C:\Program Files\Mumble\plugins\lotro.dll MOD - [2011-09-19 17:18:19 | 000,071,336 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\manual.dll MOD - [2011-09-19 17:18:19 | 000,037,544 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\hl2dm.dll MOD - [2011-09-19 17:18:19 | 000,031,912 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\tf2.dll MOD - [2011-09-19 17:18:19 | 000,031,400 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\wow.dll MOD - [2011-09-19 17:18:19 | 000,023,208 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\sto.dll MOD - [2011-09-19 17:18:19 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\wolfet.dll MOD - [2011-09-19 17:18:19 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\ut3.dll MOD - [2011-09-19 17:18:19 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\ut2004.dll MOD - [2011-09-19 17:18:19 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\codmw2so.dll MOD - [2011-09-19 17:18:18 | 000,037,544 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\dys.dll MOD - [2011-09-19 17:18:18 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\codmw2.dll MOD - [2011-09-19 17:18:17 | 000,037,544 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\dods.dll MOD - [2011-09-19 17:18:17 | 000,022,696 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\l4d.dll MOD - [2011-09-19 17:18:17 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\gtaiv.dll MOD - [2011-09-19 17:18:17 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\cod5.dll MOD - [2011-09-19 17:18:16 | 000,037,544 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\insurgency.dll MOD - [2011-09-19 17:18:16 | 000,037,544 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\gmod.dll MOD - [2011-09-19 17:18:16 | 000,023,208 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\cod4.dll MOD - [2011-09-19 17:18:16 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\cod2.dll MOD - [2011-09-19 17:18:16 | 000,019,112 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\link.dll MOD - [2011-09-19 17:18:15 | 000,023,720 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\borderlands.dll MOD - [2011-09-19 17:18:15 | 000,022,696 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\l4d2.dll MOD - [2011-09-19 17:18:15 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\breach.dll MOD - [2011-09-19 17:18:14 | 000,038,768 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\bf2.dll MOD - [2011-09-19 17:18:14 | 000,037,544 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\aoc.dll MOD - [2011-09-19 17:18:14 | 000,023,208 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\etqw.dll MOD - [2011-09-19 17:18:14 | 000,022,184 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\cs.dll MOD - [2011-09-19 17:18:14 | 000,020,648 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\bf1942.dll MOD - [2011-09-19 17:18:14 | 000,020,136 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\bfheroes.dll MOD - [2011-09-19 17:18:13 | 000,022,184 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\bf2142.dll MOD - [2011-09-19 17:18:13 | 000,020,136 | ---- | M] () -- C:\Users\szelo\AppData\Roaming\Mumble\Plugins\arma2.dll MOD - [2011-08-29 09:00:00 | 003,578,880 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax MOD - [2011-08-25 16:05:12 | 005,522,808 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-53.dll MOD - [2011-08-25 16:05:12 | 000,285,511 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll MOD - [2011-08-25 16:05:12 | 000,214,629 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll MOD - [2011-02-19 12:47:20 | 000,168,104 | ---- | M] () -- C:\Program Files\Mumble\speex.dll MOD - [2011-02-19 12:47:14 | 000,129,192 | ---- | M] () -- C:\Program Files\Mumble\mumble_ol.dll MOD - [2011-02-19 12:47:08 | 000,079,528 | ---- | M] () -- C:\Program Files\Mumble\celt0.0.7.0.sse2.dll MOD - [2011-02-19 12:46:56 | 000,094,888 | ---- | M] () -- C:\Program Files\Mumble\celt0.0.11.0.sse2.dll MOD - [2011-01-10 18:32:04 | 001,070,760 | ---- | M] () -- C:\Program Files\Mumble\libprotobuf.dll MOD - [2011-01-10 18:30:54 | 000,042,152 | ---- | M] () -- C:\Program Files\Mumble\QtPlugins\iconengines\qsvgicon4.dll MOD - [2011-01-10 18:30:40 | 000,308,904 | ---- | M] () -- C:\Program Files\Mumble\QtPlugins\imageformats\qtiff4.dll MOD - [2011-01-10 18:30:28 | 000,027,816 | ---- | M] () -- C:\Program Files\Mumble\QtPlugins\imageformats\qsvg4.dll MOD - [2011-01-10 18:30:18 | 000,246,952 | ---- | M] () -- C:\Program Files\Mumble\QtPlugins\imageformats\qmng4.dll MOD - [2011-01-10 18:30:08 | 000,208,552 | ---- | M] () -- C:\Program Files\Mumble\QtPlugins\imageformats\qjpeg4.dll MOD - [2011-01-10 18:29:58 | 000,034,472 | ---- | M] () -- C:\Program Files\Mumble\QtPlugins\imageformats\qico4.dll MOD - [2011-01-10 18:29:48 | 000,032,424 | ---- | M] () -- C:\Program Files\Mumble\QtPlugins\imageformats\qgif4.dll MOD - [2011-01-10 18:21:10 | 008,223,744 | ---- | M] () -- C:\Program Files\Mumble\QtGui4.dll MOD - [2010-12-04 14:47:38 | 000,957,952 | ---- | M] () -- C:\Program Files\Mumble\QtNetwork4.dll MOD - [2010-11-09 20:46:08 | 000,271,360 | ---- | M] () -- C:\Program Files\Mumble\QtSvg4.dll MOD - [2010-11-09 20:39:20 | 000,691,712 | ---- | M] () -- C:\Program Files\Mumble\QtOpenGL4.dll MOD - [2010-11-09 20:24:58 | 000,679,936 | ---- | M] () -- C:\Program Files\Mumble\QtSql4.dll MOD - [2010-11-09 20:05:58 | 000,342,528 | ---- | M] () -- C:\Program Files\Mumble\QtXml4.dll MOD - [2010-11-09 20:05:46 | 002,343,424 | ---- | M] () -- C:\Program Files\Mumble\QtCore4.dll MOD - [2010-10-04 00:50:48 | 002,259,968 | ---- | M] () -- C:\Program Files\Mumble\libsndfile-1.dll MOD - [2010-07-29 20:03:46 | 000,200,704 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\tipper.dll MOD - [2010-07-29 20:03:46 | 000,157,696 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\versioninfo.dll MOD - [2010-07-29 20:03:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\rss.dll MOD - [2010-07-29 20:02:46 | 000,066,145 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\avs.dll MOD - [2010-07-29 20:02:46 | 000,053,248 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\avatarhistory.dll MOD - [2010-07-29 19:37:14 | 000,054,371 | ---- | M] () -- C:\Program Files\Miranda GG\zlib.dll MOD - [2010-07-29 19:37:14 | 000,036,972 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\dbx_mmap.dll MOD - [2010-07-29 19:15:58 | 000,068,096 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\mRadio.dll MOD - [2010-07-29 19:15:58 | 000,045,056 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\mtextcontrolw.dll MOD - [2010-07-29 19:15:58 | 000,044,544 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\mSecure.dll MOD - [2010-07-29 19:15:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\extendedIdle.dll MOD - [2010-07-29 19:15:56 | 000,110,592 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\Variables.dll MOD - [2010-07-29 19:15:56 | 000,040,960 | ---- | M] () -- C:\Program Files\Miranda GG\plugins\NewEventNotify.dll MOD - [2010-07-09 06:41:42 | 002,359,296 | ---- | M] () -- C:\Program Files\Mumble\libmysql.dll MOD - [2009-10-03 01:50:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.POL MOD - [2009-10-03 01:46:46 | 000,012,288 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\updater.POL MOD - [2009-09-09 14:28:56 | 000,059,904 | ---- | M] () -- C:\Program Files\Mumble\zlib1.dll MOD - [2009-02-27 19:05:50 | 000,049,152 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\WebLink.POL MOD - [2009-02-27 19:02:50 | 001,695,744 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.POL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-11-03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-10-14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2011-09-20 20:26:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011-09-19 17:34:50 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-11-14 23:19:46 | 000,080,688 | ---- | M] (Invensys Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArchestrA\wwnetdde.exe -- (WWNetDDE) SRV - [2008-11-14 21:42:00 | 000,032,845 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\NTServApp.exe -- (FS Service Control) SRV - [2008-10-31 22:36:40 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe -- (aaLogger) SRV - [2008-09-24 10:49:56 | 000,049,152 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\slssvc.exe -- (slssvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-11-04 13:42:02 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2011-11-04 13:42:02 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2011-11-04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2011-11-04 13:42:02 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2011-10-15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011-09-19 17:09:21 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011-03-18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2010-12-07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010-12-07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010-12-07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010-12-07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV - [2009-07-13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009-07-13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2008-04-19 02:29:00 | 000,894,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2007-11-09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007-02-15 14:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec) DRV - [2007-01-24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2006-12-21 06:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4103703788-544303205-2323553924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\szelo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\szelo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\szelo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\szelo\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\szelo\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Smooth Gestures = C:\Users\szelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.10_0\ CHR - Extension: Smooth Gestures = C:\Users\szelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.11_0\ CHR - Extension: Sprawdzanie poczty Google = C:\Users\szelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\ CHR - Extension: ChromeReload = C:\Users\szelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.5_0\ O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE () O4 - HKLM..\Run: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKU\S-1-5-21-4103703788-544303205-2323553924-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4103703788-544303205-2323553924-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4103703788-544303205-2323553924-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.) O4 - HKU\S-1-5-21-4103703788-544303205-2323553924-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1001\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1001\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1001\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-21-4103703788-544303205-2323553924-1001\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE195CD-58C7-41FF-A31C-20DEF067066B}: DhcpNameServer = 62.179.1.62 62.179.1.63 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{44a91304-fd72-11e0-adc3-001eec37219d}\Shell - "" = AutoRun O33 - MountPoints2\{44a91304-fd72-11e0-adc3-001eec37219d}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-12-07 12:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2011-12-06 16:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Magiczne Bloczki [2011-12-06 14:31:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-12-06 14:25:49 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2011-12-06 14:25:49 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2011-12-06 14:25:49 | 010,327,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2011-12-06 14:25:49 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2011-12-06 14:25:49 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2011-12-06 14:25:49 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2011-12-06 14:25:49 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2011-12-06 14:25:49 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011-12-05 17:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit [2011-12-05 17:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs [2011-12-05 17:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\SplitMediaLabs [2011-12-05 17:33:48 | 000,000,000 | ---D | C] -- C:\Users\szelo\AppData\Roaming\SplitMediaLabs [2011-11-30 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\szelo\Desktop\AF [2011-11-15 07:24:38 | 000,000,000 | ---D | C] -- C:\Users\szelo\VirtualBox VMs [2011-11-15 07:22:52 | 000,000,000 | ---D | C] -- C:\Users\szelo\.VirtualBox [2011-11-15 07:19:17 | 000,158,512 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys [2011-11-15 07:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2011-11-15 07:19:06 | 000,091,440 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys [2011-11-15 07:19:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011-11-15 07:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2011-11-14 13:35:56 | 000,000,000 | ---D | C] -- C:\PG5 Projects [2011-11-13 21:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades [2011-11-13 21:34:36 | 000,000,000 | ---D | C] -- C:\Ace of Spades [2011-11-13 18:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\STEP 7-MicroWIN 32 [2011-11-13 18:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2011-11-13 18:20:13 | 000,000,000 | ---D | C] -- C:\Windows\Cache [2011-11-13 18:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\SAIA-Burgess [2011-11-09 08:07:27 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-12-07 18:13:13 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-12-07 18:13:13 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-12-07 18:02:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103703788-544303205-2323553924-1000UA.job [2011-12-07 17:41:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-12-07 13:15:52 | 000,032,847 | ---- | M] () -- C:\Users\szelo\Desktop\qweeee.jpg [2011-12-07 12:12:01 | 000,661,892 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-12-07 12:12:01 | 000,125,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-12-07 08:02:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103703788-544303205-2323553924-1000Core.job [2011-12-06 21:18:09 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-12-06 14:19:28 | 000,000,216 | ---- | M] () -- C:\Users\szelo\Desktop\inMomentum.url [2011-12-03 18:49:34 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2011-12-01 10:11:26 | 000,000,213 | ---- | M] () -- C:\Users\szelo\Desktop\Dota 2.url [2011-11-30 18:20:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011-11-30 18:19:59 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini [2011-11-30 18:19:21 | 000,293,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-11-30 18:18:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2011-11-27 18:06:53 | 000,001,939 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2011-11-27 18:06:53 | 000,001,847 | ---- | M] () -- C:\Users\szelo\Desktop\LOL Recorder.lnk [2011-11-27 10:21:06 | 000,000,215 | ---- | M] () -- C:\Users\szelo\Desktop\PAYDAY The Heist.url [2011-11-20 10:35:42 | 000,002,359 | ---- | M] () -- C:\Users\szelo\Desktop\Google Chrome.lnk [2011-11-15 15:09:21 | 000,000,212 | ---- | M] () -- C:\Users\szelo\Desktop\Counter-Strike.url [2011-11-15 07:19:17 | 000,001,100 | ---- | M] () -- C:\Users\szelo\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk [2011-11-15 07:19:17 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk [2011-11-14 13:36:16 | 000,013,234 | ---- | M] () -- C:\Users\szelo\Desktop\Spm - Shortcut.lnk [2011-11-14 13:35:32 | 000,000,708 | ---- | M] () -- C:\SPMOptions.ini [2011-11-14 13:35:32 | 000,000,230 | ---- | M] () -- C:\Windows\System32\SPMCustMenu.ini [2011-11-13 20:02:25 | 000,336,309 | ---- | M] () -- C:\Users\szelo\Desktop\Untitled.jpg [2011-11-13 18:32:35 | 000,000,084 | ---- | M] () -- C:\Windows\Citamis.str [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-12-07 13:15:52 | 000,032,847 | ---- | C] () -- C:\Users\szelo\Desktop\qweeee.jpg [2011-12-06 14:19:28 | 000,000,216 | ---- | C] () -- C:\Users\szelo\Desktop\inMomentum.url [2011-12-06 10:04:03 | 000,000,885 | ---- | C] () -- C:\Users\szelo\Desktop\IAiI_rootCA.der [2011-12-01 10:11:26 | 000,000,213 | ---- | C] () -- C:\Users\szelo\Desktop\Dota 2.url [2011-11-27 18:06:53 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2011-11-27 10:21:06 | 000,000,215 | ---- | C] () -- C:\Users\szelo\Desktop\PAYDAY The Heist.url [2011-11-15 15:09:21 | 000,000,212 | ---- | C] () -- C:\Users\szelo\Desktop\Counter-Strike.url [2011-11-15 07:19:17 | 000,001,100 | ---- | C] () -- C:\Users\szelo\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk [2011-11-15 07:19:17 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk [2011-11-14 13:36:16 | 000,013,234 | ---- | C] () -- C:\Users\szelo\Desktop\Spm - Shortcut.lnk [2011-11-14 13:35:32 | 000,000,708 | ---- | C] () -- C:\SPMOptions.ini [2011-11-14 13:35:32 | 000,000,230 | ---- | C] () -- C:\Windows\System32\SPMCustMenu.ini [2011-11-13 20:00:11 | 000,336,309 | ---- | C] () -- C:\Users\szelo\Desktop\Untitled.jpg [2011-11-13 18:32:35 | 000,000,084 | ---- | C] () -- C:\Windows\Citamis.str [2011-10-30 08:08:13 | 000,006,656 | ---- | C] () -- C:\Users\szelo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-10-21 16:09:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011-10-09 07:32:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011-10-09 07:32:22 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011-10-06 15:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\licview.INI [2011-09-20 10:45:44 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-09-20 10:45:44 | 000,022,328 | ---- | C] () -- C:\Users\szelo\AppData\Roaming\PnkBstrK.sys [2011-09-20 10:44:57 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-09-20 10:44:55 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011-09-20 10:44:54 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011-09-19 17:40:18 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-09-19 17:40:17 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-09-19 17:40:17 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-09-19 17:40:17 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-09-19 17:40:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-05-31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2011-05-31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2010-11-20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010-10-05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys [2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 05:33:53 | 000,293,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 03:05:48 | 000,661,892 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 03:05:48 | 000,125,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-03-08 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [1998-12-07 21:11:22 | 000,227,840 | ---- | C] () -- C:\Windows\System32\lmgr325a.dll [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2011-10-06 15:21:34 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\ArchestrA [2011-11-17 12:33:48 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\DAEMON Tools Lite [2011-11-28 02:00:40 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\EurekaLog [2011-09-19 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\LolClient [2011-10-13 10:15:51 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\mm [2011-12-07 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\Mumble [2011-09-20 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\NapiProjekt [2011-09-22 12:51:16 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\OpenOffice.org [2011-12-05 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\SplitMediaLabs [2011-11-26 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\TS3Client [2011-11-02 15:40:08 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\Tunngle [2011-10-22 12:23:14 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\Unity [2011-12-07 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\uTorrent [2011-09-22 10:25:25 | 000,000,000 | ---D | M] -- C:\Users\szelo\AppData\Roaming\WinBatch [2009-07-14 05:53:46 | 000,007,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >http://imageshack.us.../827/mojsa.jpg/ link z wynikiem ze skana z mks'a online ( niestety nie da sie inaczej loga skopiowac)
-
zrobiłem to w ścieżce c/windows/system32. szczerze mowiac nawet nie pomyślałem o tym ze to 64bitowy system i ze moze miec 2 takie pliki dla kazdego rodzaju aplikacji tj 32 i 64 bitowych
log z otl bede mial dzisiaj kolo 21
-
Sprawdze tego otl. Mam kopie zapasową tego pliku secur32.dll więc luzik. Tu jest link do screena:
-
Witam. Natknąłem się dzisiaj na coś dziwnego. znajomy po zainstalowaniu flvplayer czy jakoś tak zainstalował przypadkiem babylon toolbar. Osunął go i odinstalował Po tych czynnościach za każdym razem gdy włącza jakis program dostaje komunikat (screen shot w zalaczonych plikach). Opcja jest taka ze nawet oryginalna panda która miał zainstalowana nie włącza sie teraz po restarcie kompa. Odpaliłem u niego live cd z mini xp i przeskanowałem antywirem noda online i znalazł 6 problemow. 4 z nich to win32/aplication.c, win32/aplication.c win32/aplication.c win32/aplication.a i 2 pliki z toolbarem babylon. po skanowaniu wszystko zostało usunięte. Włączamy znowu kompa i to samo co na screenie nic nie działa. Pomyślałem o podmianie pliku secur32.dll bo i ta juz mi nic nie zostało wiec znowu odpalam live mini xp i bez problemu podmieniam ( dll pobralem ze strony www.dll-files.com) znowu restart i znowu nic nie można zrobić z kompem. Znalazłem coz ze moze to byc problem z dyskiem bądź ramem przeskanowałem je Hirens boot cd 15 i 0 błędów znalazło. Pomyślałem o jakimś Hijack this odpalanym bez instalki (bo przecież nie zainstaluje bo wywala ten komunikat) ale znowu pojawił sie ten komunikat
ogólnie nic .exe nie chce sie odpalić na tym kompie . chce uniknąć reinstalki bo gosciu ma złożona siec w domu. Próbowałem przywracania punktu ale nie chce sie przywrócić nie wiedzieć czemu (ma 5 punktow przywracania systemu i przywrocilem kazdy po koleji ale zawsz byl monit ze nie udalo sie przywrocic punktu.system to windows vista buisnes 64 bit
Macie jakies pomysly ?
-
ok wielkie dzieki. a aplikacja nazywala sie tak jak na tym screenie z chroma jakis player do otwierania filmow z internetu. sciagnalem go bo znajomy wsadzil film i nie moglem go zobacyczac musialem sciagnac ten syf zeby go obejzec. dzieki za pomoc pozdrawiam
-
faktycznie tylko na chromie mi to wyskakuje.zanim zrobilem temat na forum odinstalowalem ta aplikacje po ktorej mi to zaczelo wyskakiwac ale nadal okienko sie pojawialo wiec napisalem do was na forum. mam tu log jescze z Malwarebytes' Anti-Malware:
-
-
Witam. Mam problem mianowicie wyskakujem i ciagle okienko z nod32 antyvirusa ze zablokowane adres url. Wyswietla sie ono zawsze gdy zaladuje sie jakakolwiek strona. Google facbook fixit itd doslownei jakakolwiek. Informacje o zablokowanym url sa zawsze takie same ale z mala zmiana np 1827391273918e182ye/1829718e9182ye918ye/nk.pl.js lub 19ud9812ue812u/129e1u29e8u1928eu/facebook.pl.js itd i ostatnia z cyfr adresu ip sie zmienia port zostaje taki sam 80. Wyglada to tak:
log z OTL:
http://www.wklej.eu/index.php?id=ce2eb6e7c4
Prosze o pomoc. dzieki
Podejrzenie aplikacji monitorującej
w Dział pomocy doraźnej
Opublikowano
Jeżeli chodzi o przeczucie to niestety tylko na tym moge sie opierać. Kopmuter działą sprawnie nic sie z nim niedzieje.
System to windows 7 32-bit.
Gmer: http://wklejto.pl/136390
Mój komputer na kilka dni trafił do rąk obych ludzi przez pomyłke a, że zajmuje sie robieniem przelewów to wole dmuchać na zimne.