
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by kml (administrator) on KML-KOMPUTER on 15-11-2014 15:00:47
Running from C:\Users\kml\Desktop\bezpieczenstwo
Loaded Profile: kml (Available profiles: kml)
Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Agnitum Ltd.) C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Agnitum Ltd.) C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [OutpostMonitor] => C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe [4735312 2014-07-23] (Agnitum Ltd.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3410090745-3631434425-449840438-1000\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [279008 2010-06-03] (GP Software)
HKU\S-1-5-21-3410090745-3631434425-449840438-1000\...\MountPoints2: {f0262360-546d-11e4-ab77-dfc3d95780f9} - K:\SETUP.EXE /AUTORUN
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll => c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook64.dll [1126216 2014-07-23] (Agnitum Ltd.)
AppInit_DLLs-x32: c:\progra~1\agnitum\outpos~1\wl_hook.dll => c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll [837304 2014-07-23] (Agnitum Ltd.)
Startup: C:\Users\kml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus.lnk
ShortcutTarget: Directory Opus.lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF9117710F7E7CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [743384 2010-06-03] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [324032 2010-06-03] (GP Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\kml\AppData\Roaming\Mozilla\Firefox\Profiles\n6cwpkv3.default
FF NewTab: new:tabs
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\kml\AppData\Roaming\Mozilla\Firefox\Profiles\n6cwpkv3.default\searchplugins\yqs-barff-yandex.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF Extension: New Tab Homepage - C:\Users\kml\AppData\Roaming\Mozilla\Firefox\Profiles\n6cwpkv3.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-10-23]
FF Extension: Adblock Plus - C:\Users\kml\AppData\Roaming\Mozilla\Firefox\Profiles\n6cwpkv3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-14]
Chrome:
=======
CHR Profile: C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-06]
CHR Extension: (Dokumenty Google) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06]
CHR Extension: (Dysk Google) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06]
CHR Extension: (YouTube) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06]
CHR Extension: (Szukaj w Google) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06]
CHR Extension: (Arkusze Google) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-06]
CHR Extension: (AdBlock) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06]
CHR Extension: (Gmail) - C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acssrv; C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe [3402016 2014-07-23] (Agnitum Ltd.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 HPSLPSVC; C:\Users\kml\AppData\Local\Temp\7zS3B1E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 afw; C:\Windows\System32\DRIVERS\afw.sys [40544 2012-10-16] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [469712 2014-06-26] (Agnitum Ltd.)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 SandBox; C:\Windows\system32\drivers\SandBox64.sys [1324992 2013-12-20] (Agnitum Ltd.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-11-15] (Duplex Secure Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-15 14:47 - 2014-11-15 14:47 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-11-15 13:52 - 2014-11-15 14:02 - 00000000 ____D () C:\AdwCleaner
2014-11-15 13:51 - 2014-11-15 15:00 - 00000000 ____D () C:\Users\kml\Desktop\bezpieczenstwo
2014-11-15 13:45 - 2014-11-15 15:00 - 00000000 ____D () C:\FRST
2014-11-15 13:06 - 2014-11-15 13:06 - 00000000 ____D () C:\Users\kml\AppData\Roaming\PDAppFlex
2014-11-15 00:43 - 2014-11-15 00:44 - 00000000 ____D () C:\Users\kml\Downloads\CrowdInspect
2014-11-15 00:43 - 2014-11-15 00:43 - 00243263 _____ () C:\Users\kml\Downloads\CrowdInspect.zip
2014-11-14 01:50 - 2014-11-14 10:55 - 00000000 ____D () C:\Users\kml\Downloads\ChomikBox
2014-11-14 01:50 - 2014-11-14 03:15 - 686575724 _____ () C:\Users\kml\Desktop\Rozmowy z Bogiem Lektor PL.avi
2014-11-14 01:47 - 2014-11-15 14:06 - 00000000 ____D () C:\Users\kml\AppData\Local\ChomikBox
2014-11-14 01:47 - 2014-11-15 14:04 - 00000000 ____D () C:\Users\kml\.gstreamer-0.10
2014-11-14 01:46 - 2014-11-15 14:48 - 00000000 ____D () C:\Program Files (x86)\ChomikBox
2014-11-14 01:38 - 2014-11-14 01:45 - 28266496 _____ () C:\Users\kml\Downloads\ChomikBox.msi
2014-11-14 01:33 - 2014-11-14 02:30 - 00000000 ____D () C:\Users\kml\Downloads\Conversations.With.God.2006.LiMiTED.DVDRiP.XViD-QuidaM
2014-11-12 08:35 - 2014-11-12 08:35 - 00000412 _____ () C:\Windows\ODBC.INI
2014-11-12 08:34 - 2014-11-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-12 08:33 - 2014-11-12 08:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-12 08:33 - 2014-11-12 08:33 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-12 01:04 - 2014-11-12 01:04 - 00306442 _____ () C:\Users\kml\Downloads\visualmagnets.zip
2014-11-12 01:04 - 2014-11-12 01:04 - 00252147 _____ () C:\Users\kml\Downloads\top_secret_kb.zip
2014-11-12 01:04 - 2014-11-12 01:04 - 00032479 _____ () C:\Users\kml\Downloads\army.zip
2014-11-12 01:04 - 2014-11-12 01:04 - 00021843 _____ () C:\Users\kml\Downloads\army_rust.zip
2014-11-12 00:54 - 2014-11-12 00:54 - 01415514 _____ () C:\Users\kml\Downloads\camouflage.zip
2014-11-12 00:53 - 2014-11-12 00:53 - 00037896 _____ () C:\Users\kml\Downloads\coulson.zip
2014-11-12 00:20 - 2014-11-12 00:20 - 01593449 _____ () C:\Users\kml\Desktop\23052243-pusty-szablon-bluza-na-białym-tle.psd
2014-11-11 13:32 - 2014-11-11 13:32 - 00000000 ____D () C:\Program Files (x86)\GUM6FF9.tmp
2014-11-11 02:05 - 2014-11-11 02:05 - 00244208 _____ () C:\Users\kml\Downloads\Firefox Setup Stub 33.1.exe
2014-11-11 01:02 - 2014-11-11 02:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 23:57 - 2014-11-09 00:20 - 00001496 _____ () C:\Users\kml\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs
2014-11-06 22:25 - 2014-11-06 22:25 - 03145728 _____ () C:\Users\kml\Desktop\Monitor_LG_22LS4R.part1.rar
2014-11-06 18:56 - 2014-11-06 18:56 - 00000017 _____ () C:\Users\kml\AppData\Local\resmon.resmoncfg
2014-11-06 00:37 - 2014-11-06 00:37 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-06 00:37 - 2014-11-06 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-06 00:23 - 2014-11-06 00:24 - 06000640 _____ () C:\Program Files (x86)\GUT8848.tmp
2014-11-06 00:23 - 2014-11-06 00:23 - 00880272 _____ (Google Inc.) C:\Users\kml\Downloads\ChromeSetup.exe
2014-11-06 00:23 - 2014-11-06 00:23 - 00000000 ____D () C:\Program Files (x86)\GUM8847.tmp
2014-11-05 00:56 - 2014-11-05 01:09 - 00000000 ____D () C:\Users\kml\AppData\Roaming\Free Monitor for Google
2014-11-05 00:56 - 2014-11-05 00:56 - 00001041 _____ () C:\Users\kml\Desktop\Free Monitor for Google (2).lnk
2014-11-05 00:56 - 2014-11-05 00:56 - 00001023 _____ () C:\Users\kml\Desktop\Free Monitor for Google.lnk
2014-11-05 00:56 - 2014-11-05 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Monitor for Google
2014-11-05 00:56 - 2014-11-05 00:56 - 00000000 ____D () C:\Program Files (x86)\Free Monitor for Google
2014-11-05 00:49 - 2014-11-05 00:51 - 01571444 _____ (CleverStat ) C:\Users\kml\Downloads\googlemon.exe
2014-11-05 00:39 - 2014-11-05 00:40 - 00000053 _____ () C:\Users\kml\Desktop\googleccad1ed683865eec.html
2014-11-04 15:43 - 2014-11-15 14:51 - 00302554 _____ () C:\Windows\system32\config\afw_db.conf
2014-11-04 15:43 - 2014-11-15 14:51 - 00000664 _____ () C:\Windows\system32\config\afw_hm.conf
2014-11-03 14:08 - 2014-11-15 15:01 - 00107373 _____ () C:\Windows\system32\config\rules.rdb
2014-11-03 14:07 - 2014-11-03 14:39 - 00119808 _____ () C:\Windows\system32\config\sscan.xas
2014-11-03 14:07 - 2013-12-20 11:18 - 01324992 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\SandBox64.sys
2014-11-03 14:06 - 2014-11-03 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agnitum
2014-11-03 14:06 - 2014-06-26 11:03 - 00469712 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\afwcore.sys
2014-11-03 14:06 - 2012-10-16 16:18 - 00040544 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\afw.sys
2014-11-03 14:02 - 2014-11-03 14:02 - 00000000 ____D () C:\Program Files\Agnitum
2014-11-03 14:01 - 2014-11-03 14:01 - 00000000 ____D () C:\ProgramData\Agnitum
2014-11-03 13:48 - 2014-11-03 13:56 - 38783224 _____ (Agnitum, Ltd. ) C:\Users\kml\Downloads\OutpostProInstall_x64.exe
2014-11-03 00:40 - 2014-11-03 00:41 - 00000000 ____D () C:\Windows\system32\oodag
2014-11-03 00:40 - 2014-11-03 00:40 - 00002497 _____ () C:\Users\Public\Desktop\O&O Defrag.lnk
2014-11-03 00:40 - 2014-11-03 00:40 - 00000000 ____D () C:\Users\kml\AppData\Local\O&O
2014-11-03 00:40 - 2014-11-03 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
2014-11-03 00:40 - 2014-11-03 00:40 - 00000000 ____D () C:\Program Files\OO Software
2014-11-03 00:38 - 2014-11-03 00:38 - 00000000 ____D () C:\ProgramData\OO Software
2014-11-03 00:27 - 2014-11-03 00:29 - 28871464 _____ (O&O Software GmbH) C:\Users\kml\Downloads\OODefrag18Professional64Enu.exe
2014-11-02 23:05 - 2014-11-02 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-11-02 23:05 - 2014-11-02 23:05 - 00000000 ____D () C:\ProgramData\ESET
2014-11-02 23:05 - 2014-11-02 23:05 - 00000000 ____D () C:\Program Files\ESET
2014-11-02 22:58 - 2014-11-02 23:02 - 73658368 _____ () C:\Users\kml\Downloads\eav_nt64_plk.msi
2014-11-02 22:51 - 2014-11-02 22:57 - 80739895 ____R () C:\Users\kml\Downloads\ESET NOD32 Antivirus 8 Beta-64.bit.rar
2014-11-02 15:38 - 2014-11-13 19:40 - 00000000 ____D () C:\Windows\pss
2014-11-01 01:33 - 2014-11-01 01:35 - 25772520 _____ (Microsoft Corporation) C:\Users\kml\Downloads\wordview_pl-pl.exe
2014-11-01 01:30 - 2014-11-01 01:31 - 00000000 ____D () C:\Users\kml\Desktop\Outy v 2
2014-11-01 01:16 - 2014-11-01 01:16 - 00000000 ____D () C:\Users\kml\Desktop\Outy
2014-10-31 23:20 - 2014-11-03 13:33 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-31 16:11 - 2014-10-31 16:11 - 00000000 ____D () C:\Users\kml\AppData\Roaming\OpenFM
2014-10-31 15:46 - 2014-10-31 15:46 - 00000000 ___SD () C:\Users\kml\GG dysk
2014-10-31 15:40 - 2014-11-04 11:50 - 00000000 ____D () C:\Users\kml\AppData\Roaming\GG
2014-10-31 15:40 - 2014-10-31 15:45 - 00000000 ____D () C:\Users\kml\AppData\Local\GG
2014-10-31 15:40 - 2014-10-31 15:40 - 00001101 _____ () C:\Users\kml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk
2014-10-31 15:39 - 2014-10-31 16:11 - 00000000 ____D () C:\Users\kml\AppData\Local\OpenFM
2014-10-31 15:39 - 2014-10-31 15:39 - 00001140 _____ () C:\Users\kml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
2014-10-30 17:58 - 2014-10-30 17:58 - 00395056 _____ () C:\Users\kml\Downloads\gg-install.exe
2014-10-29 02:45 - 2014-10-29 02:45 - 00001238 _____ () C:\Users\kml\AppData\Local\recently-used.xbel
2014-10-29 00:54 - 2014-10-29 16:39 - 00000000 ____D () C:\Users\kml\AppData\Roaming\fpdb
2014-10-29 00:54 - 2014-10-29 16:39 - 00000000 ____D () C:\Users\kml\.matplotlib
2014-10-29 00:44 - 2014-10-29 00:54 - 00000000 ____D () C:\Users\kml\Downloads\fpdb-0.40.5
2014-10-29 00:39 - 2014-10-29 00:41 - 00000000 ____D () C:\Program Files (x86)\HUD
2014-10-29 00:31 - 2014-10-29 00:32 - 19495917 _____ (Igor Pavlov) C:\Users\kml\Downloads\fpdb-0.40.5.exe
2014-10-28 22:28 - 2014-11-13 19:42 - 00000000 ____D () C:\Users\kml\AppData\Local\PokerStars.EU
2014-10-28 22:28 - 2014-10-28 22:28 - 00001982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2014-10-28 22:28 - 2014-10-28 22:28 - 00001976 _____ () C:\Users\Public\Desktop\PokerStars.eu.lnk
2014-10-28 22:28 - 2014-10-28 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2014-10-28 22:27 - 2014-11-13 18:08 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-10-28 22:23 - 2014-10-28 22:25 - 54436888 _____ (PokerStars) C:\Users\kml\Downloads\PokerStarsInstallEU.exe
2014-10-28 17:30 - 2014-10-28 17:31 - 00000000 ____D () C:\Users\kml\Downloads\[AgusiQ-Torrents.pl] Anomalia.2014.PL-K12 [AgusiQ]
2014-10-28 17:27 - 2014-10-28 18:35 - 00000000 ____D () C:\Users\kml\Downloads\Niebiańskie żony lakowych Maryjczyków (2012) PL.HDTV.Xvid-MX
2014-10-28 12:53 - 2014-10-28 12:53 - 00000000 ____D () C:\Users\kml\Desktop\Chic_Sparkles_by_ElvenSword
2014-10-26 23:03 - 2014-10-26 23:03 - 00000000 ____D () C:\Program Files (x86)\GUMFEF4.tmp
2014-10-26 22:36 - 2014-10-26 22:52 - 191397776 _____ () C:\Users\kml\Downloads\DNGConverter_8_6.exe
2014-10-26 22:08 - 2014-11-15 14:53 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 22:08 - 2014-11-15 14:24 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 22:08 - 2014-11-14 03:19 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 22:08 - 2014-11-14 03:19 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-26 22:08 - 2014-10-26 23:03 - 00000000 ____D () C:\ProgramData\Google
2014-10-26 22:08 - 2014-10-26 22:08 - 00000000 ____D () C:\Program Files\Google
2014-10-26 22:07 - 2014-11-06 00:37 - 00000000 ____D () C:\Users\kml\AppData\Local\Google
2014-10-26 22:07 - 2014-11-06 00:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-26 22:07 - 2014-10-26 22:08 - 00000000 ____D () C:\Program Files (x86)\GUMB31.tmp
2014-10-26 21:48 - 2014-10-26 21:48 - 00000000 ____D () C:\Users\kml\AppData\Roaming\ACD Systems
2014-10-26 21:48 - 2014-10-26 21:48 - 00000000 ____D () C:\Users\kml\AppData\Local\ACD Systems
2014-10-26 21:43 - 2014-10-26 21:43 - 00000000 ____D () C:\Program Files\ACD Systems
2014-10-26 21:41 - 2014-10-26 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2014-10-26 21:41 - 2014-10-26 21:41 - 00000000 ____D () C:\ProgramData\ACD Systems
2014-10-26 21:41 - 2014-10-26 21:41 - 00000000 ____D () C:\Program Files (x86)\ACD Systems
2014-10-26 21:39 - 2014-10-26 21:39 - 00000000 ____D () C:\Users\kml\AppData\Local\Downloaded Installations
2014-10-26 17:18 - 2014-10-26 17:18 - 00000000 ____D () C:\Users\kml\Desktop\brava
2014-10-26 17:17 - 2014-10-26 17:17 - 04129782 _____ () C:\Users\kml\Downloads\schematy elektryczne fiat brava.rar
2014-10-24 23:20 - 2014-10-27 11:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-24 23:20 - 2014-10-24 23:20 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-24 23:20 - 2014-10-24 23:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-24 15:44 - 2014-10-24 15:44 - 00000000 ____D () C:\Users\kml\Documents\Fax
2014-10-23 20:09 - 2014-10-23 20:09 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-18 10:46 - 2014-10-18 10:46 - 00003114 _____ () C:\Windows\System32\Tasks\{14A6340F-6EDB-42F2-B7ED-58B6C848EED9}
2014-10-18 10:45 - 2014-10-18 10:45 - 02308432 _____ () C:\Users\kml\Downloads\hppiw(1).exe
2014-10-18 10:41 - 2014-10-18 10:41 - 02338824 _____ () C:\Users\kml\Downloads\hppiw.exe
2014-10-18 10:41 - 2014-10-18 10:41 - 00000000 ____D () C:\ProgramData\HP
2014-10-16 21:33 - 2014-10-16 21:33 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-10-16 21:33 - 2014-10-16 21:33 - 00000000 ____D () C:\Users\kml\AppData\Roaming\Foxit Software
2014-10-16 17:49 - 2014-10-16 17:53 - 00000000 ____D () C:\Users\kml\Downloads\Adobe Photoshop CS6 v13.0 Extended Final x86 x64 [PL] [Crack] torrenty.org
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-15 15:00 - 2009-07-14 18:55 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2014-11-15 15:00 - 2009-07-14 18:55 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2014-11-15 15:00 - 2009-07-14 06:13 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 15:00 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 15:00 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 14:53 - 2014-10-15 00:15 - 00043362 _____ () C:\Windows\PFRO.log
2014-11-15 14:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 14:53 - 2009-07-14 05:51 - 00039615 _____ () C:\Windows\setupact.log
2014-11-15 14:51 - 2014-10-15 00:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-15 14:51 - 2014-10-14 16:49 - 00750460 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 14:38 - 2014-10-15 20:51 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-11-15 14:02 - 2014-10-15 20:52 - 00000909 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-15 14:02 - 2014-10-15 20:52 - 00000841 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-15 12:32 - 2014-10-15 11:05 - 00000000 ____D () C:\Users\kml\AppData\Local\Adobe
2014-11-14 19:51 - 2014-10-14 23:02 - 00000000 ____D () C:\Users\kml\AppData\Roaming\uTorrent
2014-11-14 01:47 - 2014-10-14 22:07 - 00000000 ____D () C:\Users\kml
2014-11-13 19:38 - 2014-10-15 11:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 19:38 - 2014-10-15 11:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 14:33 - 2014-10-15 00:01 - 00141832 _____ () C:\Users\kml\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 13:35 - 2009-07-14 05:45 - 00493120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:34 - 2009-07-14 19:09 - 00000000 ____D () C:\Windows\ShellNew
2014-11-12 08:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2014-11-11 02:37 - 2014-10-14 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 17:15 - 2014-10-15 22:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 01:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 17:36 - 2014-10-15 10:50 - 00000000 ____D () C:\Users\kml\AppData\Roaming\Adobe
2014-11-03 14:00 - 2014-10-15 21:01 - 00000000 ____D () C:\Program Files (x86)\SAM CoDeC Pack
2014-11-03 13:46 - 2014-10-15 21:05 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-11-01 00:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2014-10-27 11:12 - 2014-10-15 10:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-27 11:12 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-26 23:03 - 2014-10-15 15:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-26 12:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-26 12:45 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-24 23:20 - 2014-10-15 10:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-24 15:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-18 11:13 - 2014-10-15 15:54 - 00000276 _____ () C:\Users\kml\Documents\DesignLibrary_Photoshop.log
2014-10-18 10:43 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-18 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat
Some content of TEMP:
====================
C:\Users\kml\AppData\Local\Temp\op_install32.dll
C:\Users\kml\AppData\Local\Temp\Quarantine.exe
C:\Users\kml\AppData\Local\Temp\sqlite3.dll
C:\Users\kml\AppData\Local\Temp\{FE07F567-D6D2-42CA-8750-948184CAAC04}-38.0.2125.111_chrome_installer.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-07 14:45
==================== End Of Log ============================
OTL logfile created on: 2014-11-15 15:03:51 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kml\Desktop\bezpieczenstwo
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,19% Memory free
4,00 Gb Paging File | 2,27 Gb Available in Paging File | 56,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,53 Gb Total Space | 44,07 Gb Free Space | 50,93% Space Free | Partition Type: NTFS
Drive D: | 211,56 Gb Total Space | 25,13 Gb Free Space | 11,88% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 13,26 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Computer Name: KML-KOMPUTER | User Name: kml | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014-11-15 14:13:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kml\Desktop\bezpieczenstwo\OTL.exe
PRC - [2014-11-13 19:38:50 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014-11-11 01:02:16 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-10-01 14:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2014-09-12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-08-26 16:15:02 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) -- C:\Program Files (x86)\AOMEI Backupper\ABService.exe
PRC - [2010-06-03 10:29:26 | 000,354,232 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014-11-13 19:38:49 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014-11-11 01:02:14 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2014-10-01 14:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2014-08-29 18:47:42 | 001,660,200 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:[b]64bit:[/b] - [2014-07-23 20:16:18 | 003,402,016 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV:[b]64bit:[/b] - [2013-04-30 04:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-11-11 01:02:14 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-10-01 10:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-10-01 10:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-09-12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-08-26 16:15:02 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\AOMEI Backupper\ABService.exe -- (Backupper Service)
SRV - [2013-07-19 12:01:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\kml\AppData\Local\Temp\7zS3B1E\hpslpsvc64.dll -- (HPSLPSVC)
SRV - [2012-07-08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2014-11-15 14:47:47 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2014-11-07 17:15:05 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2014-10-10 08:59:12 | 000,243,440 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2014-10-10 08:59:12 | 000,169,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2014-10-10 08:59:12 | 000,158,968 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2014-10-01 10:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2014-10-01 10:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2014-06-26 11:03:30 | 000,469,712 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:[b]64bit:[/b] - [2014-01-12 10:05:46 | 000,086,016 | ---- | M] (Nuvoton Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvserial.sys -- (Serial)
DRV:[b]64bit:[/b] - [2014-01-12 10:05:46 | 000,023,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvserenum.sys -- (Serenum)
DRV:[b]64bit:[/b] - [2013-12-20 11:18:54 | 001,324,992 | ---- | M] (Agnitum Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SandBox64.sys -- (SandBox)
DRV:[b]64bit:[/b] - [2013-06-28 21:37:46 | 002,259,248 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2013-05-07 13:27:12 | 000,151,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\ammntdrv.sys -- (ammntdrv)
DRV:[b]64bit:[/b] - [2013-05-07 13:27:12 | 000,030,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\ambakdrv.sys -- (ambakdrv)
DRV:[b]64bit:[/b] - [2013-04-30 05:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2013-04-30 05:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013-04-30 03:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013-02-06 14:52:48 | 000,017,848 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\amwrtdrv.sys -- (amwrtdrv)
DRV:[b]64bit:[/b] - [2012-10-16 16:18:34 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (afw)
DRV:[b]64bit:[/b] - [2012-02-23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2009-07-16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2007-10-03 13:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:[b]64bit:[/b] - [2007-10-03 13:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:[b]64bit:[/b] - [2007-10-03 13:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 11 77 10 F7 E7 CF 01 [binary data]
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3410090745-3631434425-449840438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/AuthorwarePlayer: C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll (Macromedia, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2014-10-14 22:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kml\AppData\Roaming\mozilla\Extensions
[2014-11-12 17:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kml\AppData\Roaming\mozilla\Firefox\Profiles\n6cwpkv3.default\extensions
[2014-10-23 18:30:32 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\kml\AppData\Roaming\mozilla\firefox\profiles\n6cwpkv3.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2014-11-12 17:28:48 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\kml\AppData\Roaming\mozilla\firefox\profiles\n6cwpkv3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014-10-15 21:26:39 | 000,002,316 | ---- | M] () -- C:\Users\kml\AppData\Roaming\mozilla\firefox\profiles\n6cwpkv3.default\searchplugins\yqs-barff-yandex.xml
[2014-11-11 01:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014-11-11 01:02:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[color=#E56717]========== Chrome ==========[/color]
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\kml\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3410090745-3631434425-449840438-1000..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\kml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C881E50D-7B02-40B1-9092-08C368E73710}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook64.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f0262360-546d-11e4-ab77-dfc3d95780f9}\Shell - "" = AutoRun
O33 - MountPoints2\{f0262360-546d-11e4-ab77-dfc3d95780f9}\Shell\AutoRun\command - "" = K:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{f0262360-546d-11e4-ab77-dfc3d95780f9}\Shell\configure\command - "" = K:\SETUP.EXE
O33 - MountPoints2\{f0262360-546d-11e4-ab77-dfc3d95780f9}\Shell\install\command - "" = K:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014-11-15 14:47:47 | 000,386,680 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014-11-15 13:52:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-11-15 13:51:04 | 000,000,000 | ---D | C] -- C:\Users\kml\Desktop\bezpieczenstwo
[2014-11-15 13:45:57 | 000,000,000 | ---D | C] -- C:\FRST
[2014-11-15 13:06:23 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Roaming\PDAppFlex
[2014-11-14 01:47:28 | 000,000,000 | ---D | C] -- C:\Users\kml\.gstreamer-0.10
[2014-11-14 01:47:22 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\ChomikBox
[2014-11-14 01:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChomikBox
[2014-11-12 08:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014-11-12 08:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014-11-12 08:33:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014-11-12 08:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014-11-11 01:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014-11-06 01:06:02 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\ElevatedDiagnostics
[2014-11-06 00:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014-11-05 00:56:49 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Roaming\Free Monitor for Google
[2014-11-05 00:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Monitor for Google
[2014-11-05 00:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Monitor for Google
[2014-11-03 14:07:44 | 001,324,992 | ---- | C] (Agnitum Ltd.) -- C:\Windows\SysNative\drivers\SandBox64.sys
[2014-11-03 14:06:40 | 000,469,712 | ---- | C] (Agnitum Ltd.) -- C:\Windows\SysNative\drivers\afwcore.sys
[2014-11-03 14:06:37 | 000,040,544 | ---- | C] (Agnitum Ltd.) -- C:\Windows\SysNative\drivers\afw.sys
[2014-11-03 14:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agnitum
[2014-11-03 14:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2014-11-03 14:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2014-11-03 00:40:41 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\O&O
[2014-11-03 00:40:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2014-11-03 00:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2014-11-03 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2014-11-03 00:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2014-11-02 23:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014-11-02 23:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014-11-02 23:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014-11-02 15:38:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014-11-01 01:30:53 | 000,000,000 | ---D | C] -- C:\Users\kml\Desktop\Outy v 2
[2014-11-01 01:16:20 | 000,000,000 | ---D | C] -- C:\Users\kml\Desktop\Outy
[2014-10-31 23:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014-10-31 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Roaming\OpenFM
[2014-10-31 15:46:05 | 000,000,000 | --SD | C] -- C:\Users\kml\GG dysk
[2014-10-31 15:40:10 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Roaming\GG
[2014-10-31 15:40:01 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\GG
[2014-10-31 15:39:55 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\OpenFM
[2014-10-29 00:54:46 | 000,000,000 | ---D | C] -- C:\Users\kml\.matplotlib
[2014-10-29 00:54:45 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Roaming\fpdb
[2014-10-29 00:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HUD
[2014-10-28 22:28:02 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\PokerStars.EU
[2014-10-28 22:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2014-10-28 22:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2014-10-28 12:53:07 | 000,000,000 | ---D | C] -- C:\Users\kml\Desktop\Chic_Sparkles_by_ElvenSword
[2014-10-26 22:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014-10-26 22:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014-10-26 22:07:58 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\Google
[2014-10-26 22:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014-10-26 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Roaming\ACD Systems
[2014-10-26 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\ACD Systems
[2014-10-26 21:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2014-10-26 21:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2014-10-26 21:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2014-10-26 21:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems
[2014-10-26 21:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems
[2014-10-26 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Local\Downloaded Installations
[2014-10-26 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\kml\Desktop\brava
[2014-10-24 23:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014-10-24 15:44:00 | 000,000,000 | R--D | C] -- C:\Users\kml\Documents\Scanned Documents
[2014-10-24 15:44:00 | 000,000,000 | ---D | C] -- C:\Users\kml\Documents\Fax
[2014-10-18 10:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014-10-16 21:33:18 | 000,000,000 | ---D | C] -- C:\Users\kml\AppData\Roaming\Foxit Software
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014-11-15 15:00:35 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-11-15 15:00:35 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-11-15 15:00:16 | 001,668,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-11-15 15:00:16 | 000,739,694 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-11-15 15:00:16 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-11-15 15:00:16 | 000,155,268 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-11-15 15:00:16 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-11-15 14:53:17 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-11-15 14:53:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-11-15 14:53:07 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2014-11-15 14:47:47 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014-11-15 14:24:03 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-11-14 03:15:51 | 686,575,724 | ---- | M] () -- C:\Users\kml\Desktop\Rozmowy z Bogiem Lektor PL.avi
[2014-11-13 19:38:50 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-11-13 19:38:50 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-11-12 23:10:22 | 000,321,877 | ---- | M] () -- C:\Users\kml\Desktop\Nadzieja.jpg
[2014-11-12 22:36:38 | 005,246,471 | ---- | M] () -- C:\Users\kml\Desktop\IMG_6629.JPG
[2014-11-12 13:35:56 | 000,493,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-11-12 08:35:23 | 000,000,412 | ---- | M] () -- C:\Windows\ODBC.INI
[2014-11-12 00:20:32 | 001,593,449 | ---- | M] () -- C:\Users\kml\Desktop\23052243-pusty-szablon-bluza-na-białym-tle.psd
[2014-11-12 00:12:09 | 000,082,333 | ---- | M] () -- C:\Users\kml\Desktop\23052243-pusty-szablon-bluza-na-białym-tle.jpg
[2014-11-09 00:20:09 | 000,001,496 | ---- | M] () -- C:\Users\kml\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs
[2014-11-07 17:15:05 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-11-06 22:25:47 | 003,145,728 | ---- | M] () -- C:\Users\kml\Desktop\Monitor_LG_22LS4R.part1.rar
[2014-11-06 22:01:47 | 003,842,075 | ---- | M] () -- C:\Users\kml\Desktop\LG M228WA_LP69g.pdf
[2014-11-06 18:56:49 | 000,000,017 | ---- | M] () -- C:\Users\kml\AppData\Local\resmon.resmoncfg
[2014-11-06 00:37:17 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-11-05 02:13:56 | 003,344,810 | ---- | M] () -- C:\Users\kml\Desktop\drewno_20110423_1880286751.jpg
[2014-11-05 00:59:02 | 002,197,319 | ---- | M] () -- C:\Users\kml\Desktop\Audyt SEO Vectra.pdf
[2014-11-05 00:56:45 | 000,001,041 | ---- | M] () -- C:\Users\kml\Desktop\Free Monitor for Google (2).lnk
[2014-11-05 00:56:29 | 000,001,023 | ---- | M] () -- C:\Users\kml\Desktop\Free Monitor for Google.lnk
[2014-11-05 00:40:03 | 000,000,053 | ---- | M] () -- C:\Users\kml\Desktop\googleccad1ed683865eec.html
[2014-11-04 22:34:28 | 007,075,092 | ---- | M] () -- C:\Users\kml\Desktop\IMG_6433.JPG
[2014-11-04 22:32:54 | 008,610,995 | ---- | M] () -- C:\Users\kml\Desktop\IMG_6432.JPG
[2014-11-04 19:29:58 | 002,271,670 | ---- | M] () -- C:\Users\kml\Desktop\karina_vintage.jpg
[2014-11-03 00:40:21 | 000,002,497 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2014-10-30 14:05:20 | 000,251,741 | ---- | M] () -- C:\Users\kml\Desktop\okladka.jpg
[2014-10-29 02:45:31 | 000,001,238 | ---- | M] () -- C:\Users\kml\AppData\Local\recently-used.xbel
[2014-10-28 22:28:02 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2014-10-24 23:20:14 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014-10-23 22:12:49 | 000,021,326 | ---- | M] () -- C:\Users\kml\Desktop\Nowy dokument sformatowany.rtf
[2014-10-23 20:09:16 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014-11-14 01:50:38 | 686,575,724 | ---- | C] () -- C:\Users\kml\Desktop\Rozmowy z Bogiem Lektor PL.avi
[2014-11-12 23:10:16 | 000,321,877 | ---- | C] () -- C:\Users\kml\Desktop\Nadzieja.jpg
[2014-11-12 22:42:34 | 005,246,471 | ---- | C] () -- C:\Users\kml\Desktop\IMG_6629.JPG
[2014-11-12 08:35:23 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2014-11-12 00:20:30 | 001,593,449 | ---- | C] () -- C:\Users\kml\Desktop\23052243-pusty-szablon-bluza-na-białym-tle.psd
[2014-11-12 00:08:10 | 000,082,333 | ---- | C] () -- C:\Users\kml\Desktop\23052243-pusty-szablon-bluza-na-białym-tle.jpg
[2014-11-11 01:42:09 | 009,496,285 | ---- | C] () -- C:\Users\kml\Desktop\Księgi Urantii.pdf
[2014-11-08 23:57:11 | 000,001,496 | ---- | C] () -- C:\Users\kml\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs
[2014-11-06 22:25:15 | 003,145,728 | ---- | C] () -- C:\Users\kml\Desktop\Monitor_LG_22LS4R.part1.rar
[2014-11-06 22:01:40 | 003,842,075 | ---- | C] () -- C:\Users\kml\Desktop\LG M228WA_LP69g.pdf
[2014-11-06 18:56:49 | 000,000,017 | ---- | C] () -- C:\Users\kml\AppData\Local\resmon.resmoncfg
[2014-11-06 17:50:17 | 002,197,319 | ---- | C] () -- C:\Users\kml\Desktop\Audyt SEO Vectra.pdf
[2014-11-06 00:37:17 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-11-05 02:13:10 | 003,344,810 | ---- | C] () -- C:\Users\kml\Desktop\drewno_20110423_1880286751.jpg
[2014-11-05 00:56:45 | 000,001,041 | ---- | C] () -- C:\Users\kml\Desktop\Free Monitor for Google (2).lnk
[2014-11-05 00:56:29 | 000,001,023 | ---- | C] () -- C:\Users\kml\Desktop\Free Monitor for Google.lnk
[2014-11-05 00:39:59 | 000,000,053 | ---- | C] () -- C:\Users\kml\Desktop\googleccad1ed683865eec.html
[2014-11-04 22:58:11 | 007,075,092 | ---- | C] () -- C:\Users\kml\Desktop\IMG_6433.JPG
[2014-11-04 22:58:07 | 008,610,995 | ---- | C] () -- C:\Users\kml\Desktop\IMG_6432.JPG
[2014-11-04 19:29:58 | 002,271,670 | ---- | C] () -- C:\Users\kml\Desktop\karina_vintage.jpg
[2014-11-03 14:06:05 | 000,000,049 | ---- | C] () -- C:\Windows\transp.gif
[2014-11-03 00:40:21 | 000,002,497 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2014-10-31 15:40:05 | 000,001,101 | ---- | C] () -- C:\Users\kml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk
[2014-10-31 15:39:56 | 000,001,140 | ---- | C] () -- C:\Users\kml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
[2014-10-30 14:05:20 | 000,251,741 | ---- | C] () -- C:\Users\kml\Desktop\okladka.jpg
[2014-10-29 02:45:31 | 000,001,238 | ---- | C] () -- C:\Users\kml\AppData\Local\recently-used.xbel
[2014-10-28 22:28:02 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2014-10-26 22:08:07 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-10-26 22:08:04 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-10-24 23:20:13 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014-10-24 23:20:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014-10-23 22:12:04 | 000,077,742 | ---- | C] () -- C:\Users\kml\Desktop\formaty.jpg
[2014-10-23 20:09:16 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014-10-23 19:47:47 | 000,021,326 | ---- | C] () -- C:\Users\kml\Desktop\Nowy dokument sformatowany.rtf
[2014-10-15 21:02:23 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2014-10-15 21:02:23 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2014-10-15 20:57:17 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014-10-15 20:57:17 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014-10-15 20:57:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014-10-14 22:35:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2014-10-14 22:19:13 | 001,606,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-10-14 16:48:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-02-07 13:22:00 | 000,050,330 | ---- | C] () -- C:\Program Files (x86)\AntiDust.exe
[2003-10-06 09:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2014-10-26 21:48:29 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\ACD Systems
[2014-10-15 21:05:38 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\AIMP3
[2014-10-15 20:52:29 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\DAEMON Tools Lite
[2014-10-15 21:01:05 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\DRPSu
[2014-10-16 21:33:18 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\Foxit Software
[2014-10-29 16:39:19 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\fpdb
[2014-11-05 01:09:36 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\Free Monitor for Google
[2014-11-04 11:50:06 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\GG
[2014-10-14 22:29:00 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\GPSoftware
[2014-10-31 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\OpenFM
[2014-11-15 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\PDAppFlex
[2014-10-14 22:50:58 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\Thunderbird
[2014-10-15 00:00:29 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\URSoft
[2014-11-14 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\kml\AppData\Roaming\uTorrent
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
< End of report >
OTL Extras logfile created on: 2014-11-15 14:18:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kml\Desktop\bezpieczenstwo
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 30,95% Memory free
4,00 Gb Paging File | 2,10 Gb Available in Paging File | 52,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,53 Gb Total Space | 44,23 Gb Free Space | 51,11% Space Free | Partition Type: NTFS
Drive D: | 211,56 Gb Total Space | 25,13 Gb Free Space | 11,88% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 13,26 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Computer Name: KML-KOMPUTER | User Name: kml | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3410090745-3631434425-449840438-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0303DC17-AA44-4E67-9A79-41DDEB54A332}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{299BA965-6B68-461E-B631-3E8A446F52B9}" = protocol=17 | dir=in | app=c:\users\kml\appdata\roaming\utorrent\utorrent.exe |
"{50D9D3B4-DA17-4CB6-B6AD-E1BDC0FDB82E}" = protocol=6 | dir=in | app=c:\users\kml\appdata\local\temp\7zs3b1e\hppiw.exe |
"{7BF9D816-EF25-4B57-8978-6C17365C86DC}" = protocol=6 | dir=in | app=c:\users\kml\appdata\roaming\utorrent\utorrent.exe |
"{97322FFD-A1FF-488A-AEB6-FCDAAE0139EB}" = protocol=17 | dir=in | app=c:\users\kml\appdata\local\temp\7zs3b1e\hppiw.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{50C961A1-889F-4A4E-9587-2772A45B6AAD}" = O&O Defrag Professional
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{C8566CCF-0795-4652-9665-42241B1EF38D}" = ESET NOD32 Antivirus
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 9.1
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 5.11 (64-bitowy)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}" = GPSoftware Directory Opus
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1" = AOMEI Backupper
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Polish
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C7B52FAF-58D8-438C-B810-F78C3C927504}" = ChomikBox
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player + Authorware Web Player" = Adobe Shockwave Player + Authorware Web Player
"AIMP3" = AIMP3
"BurnAware Free" = BurnAware Free 6.9.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.0.3.1025
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 31.2.0 (x86 pl)" = Mozilla Thunderbird 31.2.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nik Collection" = Nik Collection
"PokerStars.eu" = PokerStars.eu
"YU2010_is1" = Your Uninstaller! 7
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-3410090745-3631434425-449840438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DRPSu Updater" = DriverPack Solution Updater
"GG" = GG
"OpenFM" = OpenFM
"uTorrent" = µTorrent
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2005-12-31 18:02:27 | Computer Name = kml-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .
Error - 2014-10-26 16:41:58 | Computer Name = kml-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\common
files\acd systems\plugins2\CX_Flickr.apl". Nie można odnaleźć zestawu zależnego
Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 2014-10-26 16:41:58 | Computer Name = kml-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\common
files\acd systems\plugins2\CX_Flickr.apl". Nie można odnaleźć zestawu zależnego
Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 2014-10-26 16:42:04 | Computer Name = kml-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\common
files\acd systems\plugins2\CX_Flickr.apl". Nie można odnaleźć zestawu zależnego
Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 2014-10-26 17:59:09 | Computer Name = kml-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 15.2.0.230,
sygnatura czasowa: 0x5421399f Nazwa modułu powodującego błąd: Color Efex Pro 4.8bf,
wersja: 4.3.10.166, sygnatura czasowa: 0x52cc91cf Kod wyjątku: 0xc0000005 Przesunięcie
błędu: 0x0000000000184a81 Identyfikator procesu powodującego błąd: 0x10dc Godzina
uruchomienia aplikacji powodującej błąd: 0x01cff161c3d2bcae Ścieżka aplikacji powodującej
błąd: D:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe Ścieżka modułu
powodującego błąd: C:\Program Files\Google\Nik Collection\Color Efex Pro 4\Color
Efex Pro 4 (64-Bit)\Color Efex Pro 4.8bf Identyfikator raportu: 4f87cb3f-5d5b-11e4-95af-001731cecfbc
Error - 2014-11-02 15:20:02 | Computer Name = kml-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: dopus.exe, wersja: 4.0.2.23, sygnatura
czasowa: 0x4c074e64 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385,
sygnatura czasowa: 0x4a5be02b Kod wyjątku: 0xc000041d Przesunięcie błędu: 0x0000000000054100
Identyfikator
procesu powodującego błąd: 0x8fc Godzina uruchomienia aplikacji powodującej błąd:
0x01cff6ccf0f371e2 Ścieżka aplikacji powodującej błąd: C:\Program Files\GPSoftware\Directory
Opus\dopus.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator
raportu: 3e19e494-62c5-11e4-92fb-001731cecfbc
Error - 2014-11-12 18:14:15 | Computer Name = kml-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 33.1.0.5423,
sygnatura czasowa: 0x545c0a59 Nazwa modułu powodującego błąd: mozalloc.dll, wersja:
33.1.0.5423, sygnatura czasowa: 0x545be5ee Kod wyjątku: 0x80000003 Przesunięcie błędu:
0x00001425 Identyfikator procesu powodującego błąd: 0x884 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cffebe9e8057f9 Ścieżka aplikacji powodującej błąd: C:\Program
Files (x86)\Mozilla Firefox\plugin-container.exe Ścieżka modułu powodującego błąd:
C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Identyfikator raportu: 3c655202-6ab9-11e4-a97b-f6cd620babec
[ System Events ]
Error - 2014-11-14 20:18:12 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi IePlugin Services z powodu następującego
błędu: %%2
Error - 2014-11-15 07:21:43 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi IePlugin Services z powodu następującego
błędu: %%2
Error - 2014-11-15 09:02:15 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa AMD External Events Utility niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.
Error - 2014-11-15 09:02:15 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa O&O Defrag niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.
Error - 2014-11-15 09:02:15 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa AOMEI Backupper Scheduler Service niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.
Error - 2014-11-15 09:02:15 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.
Error - 2014-11-15 09:02:16 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to
razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-11-15 09:02:17 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-11-15 09:03:16 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa Spooler nie może zalogować się jako NT AUTHORITY\SYSTEM za
pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%50 Aby upewnić
się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie
Microsoft Management Console (MMC).
Error - 2014-11-15 09:03:16 | Computer Name = kml-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Bufor wydruku z powodu następującego błędu:
%%1069
< End of report >