Komp zamula, explorer.exe i drwtsn32.exe, sprawdzenie loga

**Posty:** 2 · przez **Matiroshima** 25 Kwi 2013, 18:32

Witam

Mam troche problemów z kompem. Głownie to taki problem że po pewnym czasie gdy robie coś na kompie, strony internetowe dziwnie sie ładują. Przykładowo wpisze "allegro.pl" strona ładuje się jakies 15 sec, ale nic sie nie pojawia kompletnie, nagle wskakuje wszystko i już na allegro moge się poruszać szybko tj. wchodzić w różne działy itd normalnie szybko. Aczkolwiek chce wejśc przykładowo w google.pl to znów ładuję sie długo. Czasem jest podobnie nawet z aplikacjami, np. nie moge włączyć przeglądarki, a po czasie się "odmuli" i właczy się kilka na raz.

Innym problemem jest to że po załadowaniu systemu wyskakuje błąd explorer.exe gdy wcisnę "nie wysyłaj" to pulpit się odświeża i wszystko jest ok, ale czasami przy załadowaniu systemu pojawia się błąd drwtsn32.exe i wtedy cały pulpit się zawiesza i musze właczyć menedżer zadań i wylogować.

Wydaje mi się też ogólnie że mam jakieś złe procesy np. Browserprotector.exe , ale nie znam się na tym to tylko moje spostrzeżenie.

oto logi

GMER

Kod: Zaznacz wszystko: GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-25 17:51:38 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST500DM002-1BD142 rev.KC45 465,76GB Running: tup0qryp.exe; Driver: C:\DOCUME~1\PERLIC~1\USTAWI~1\Temp\ugxdakow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB93A6000, 0x17C39E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\wscntfy.exe[168] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll .text C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe[404] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] ntdll.dll!NtQueryAttributesFile 7C90D6F0 5 Bytes JMP 10069CD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] ntdll.dll!NtQueryFullAttributesFile 7C90D790 5 Bytes JMP 10069E10 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] ntdll.dll!NtQueryInformationFile 7C90D7B0 5 Bytes JMP 10069C40 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] ntdll.dll!NtQueryValueKey 7C90D950 5 Bytes JMP 10062730 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] ntdll.dll!NtSetInformationFile 7C90DC40 5 Bytes JMP 10069BA0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 100627C0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] kernel32.dll!ReadFile + 211 7C801A23 7 Bytes JMP 10069890 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] kernel32.dll!VirtualFreeEx + 40 7C809BD2 7 Bytes JMP 10069AD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] kernel32.dll!SwitchToFiber + E9 7C8107EB 7 Bytes JMP 100699B0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[416] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 010146C0 C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll .text C:\WINDOWS\system32\HPSIsvc.exe[468] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] ntdll.dll!NtQueryAttributesFile 7C90D6F0 5 Bytes JMP 00A49CD0 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] ntdll.dll!NtQueryFullAttributesFile 7C90D790 5 Bytes JMP 00A49E10 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] ntdll.dll!NtQueryInformationFile 7C90D7B0 5 Bytes JMP 00A49C40 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] ntdll.dll!NtQueryValueKey 7C90D950 5 Bytes JMP 00A42730 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] ntdll.dll!NtSetInformationFile 7C90DC40 5 Bytes JMP 00A49BA0 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00A427C0 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] kernel32.dll!ReadFile + 211 7C801A23 7 Bytes JMP 00A49890 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] kernel32.dll!VirtualFreeEx + 40 7C809BD2 7 Bytes JMP 00A49AD0 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] kernel32.dll!SwitchToFiber + E9 7C8107EB 7 Bytes JMP 00A499B0 c:\progra~1\mocaflix\sprote~1.dll .text E:\Programy\TP-LINK\TWCU.exe[480] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 015146C0 C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll .text C:\program files\real\realplayer\update\realsched.exe[500] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\program files\real\realplayer\update\realsched.exe[500] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\Browsers Protector\regmon32.exe[532] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text E:\Programy\Java\bin\jqs.exe[540] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[576] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00BF46C0 C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll .text ... .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 64, 1D, 00] {SUB [EBP+EBX+0x0], AH} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 67, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 64, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 65, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F360 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 66, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 65, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 66, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F3D1 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 64, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F4FF .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 65, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 66, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 67, 1D, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2100] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] ntdll.dll!NtQueryAttributesFile 7C90D6F0 5 Bytes JMP 00CA9CD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] ntdll.dll!NtQueryFullAttributesFile 7C90D790 5 Bytes JMP 00CA9E10 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] ntdll.dll!NtQueryInformationFile 7C90D7B0 5 Bytes JMP 00CA9C40 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] ntdll.dll!NtQueryValueKey 7C90D950 5 Bytes JMP 00CA2730 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] ntdll.dll!NtSetInformationFile 7C90DC40 5 Bytes JMP 00CA9BA0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00CA27C0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] kernel32.dll!ReadFile + 211 7C801A23 7 Bytes JMP 00CA9890 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] kernel32.dll!VirtualFreeEx + 40 7C809BD2 7 Bytes JMP 00CA9AD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] kernel32.dll!SwitchToFiber + E9 7C8107EB 7 Bytes JMP 00CA99B0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2120] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\WINDOWS\system32\ctfmon.exe[2124] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryAttributesFile 7C90D6F0 5 Bytes JMP 00CA9CD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryFullAttributesFile 7C90D790 5 Bytes JMP 00CA9E10 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryInformationFile 7C90D7B0 5 Bytes JMP 00CA9C40 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryValueKey 7C90D950 5 Bytes JMP 00CA2730 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtSetInformationFile 7C90DC40 5 Bytes JMP 00CA9BA0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00CA27C0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!ReadFile + 211 7C801A23 7 Bytes JMP 00CA9890 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!VirtualFreeEx + 40 7C809BD2 7 Bytes JMP 00CA9AD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!SwitchToFiber + E9 7C8107EB 7 Bytes JMP 00CA99B0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2500] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryAttributesFile 7C90D6F0 5 Bytes JMP 00CA9CD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryFullAttributesFile 7C90D790 5 Bytes JMP 00CA9E10 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryInformationFile 7C90D7B0 5 Bytes JMP 00CA9C40 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryValueKey 7C90D950 5 Bytes JMP 00CA2730 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationFile 7C90DC40 5 Bytes JMP 00CA9BA0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00CA27C0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] kernel32.dll!ReadFile + 211 7C801A23 7 Bytes JMP 00CA9890 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] kernel32.dll!VirtualFreeEx + 40 7C809BD2 7 Bytes JMP 00CA9AD0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] kernel32.dll!SwitchToFiber + E9 7C8107EB 7 Bytes JMP 00CA99B0 c:\progra~1\mocaflix\sprote~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2720] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 74, 9C, 00] {SUB [ESP+EBX*4+0x0], DH} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 77, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 74, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 75, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B917270 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 76, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 75, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 76, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9172E1 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 74, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91740F .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 75, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 76, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 77, 9C, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2864] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 1C, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 1F, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 1C, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 1D, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B918518 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 1E, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 1D, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 1E, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B918589 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 1C, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9186B7 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 1D, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 1E, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 1F, AF, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2956] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 74, 81, 00] {SUB [ECX+EAX*4+0x0], DH} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 77, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 74, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 75, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B915770 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 76, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 75, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 76, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9157E1 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 74, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91590F .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 75, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 76, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 77, 81, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text E:\tup0qryp.exe[3664] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3892] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, D4, B7, 00] {SUB AH, DL; MOV BH, 0x0} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, D7, B7, 00] {SUB BH, DL; MOV BH, 0x0} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, D4, B7, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, D5, B7, 00] {TEST AL, 0xd5; MOV BH, 0x0} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B918DD0 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, D6, B7, 00] {TEST AL, 0xd6; MOV BH, 0x0} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, D5, B7, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, D6, B7, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B918E41 .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, D4, B7, 00] {TEST AL, 0xd4; MOV BH, 0x0} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B918F6F .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, D5, B7, 00] {SUB CH, DL; MOV BH, 0x0} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, D6, B7, 00] {SUB DH, DL; MOV BH, 0x0} .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, D7, B7, 00] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3936] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 100046C0 c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [100098B0] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenFile] [10009A20] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [1000C630] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [1000C6A0] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\winlogon.exe[756] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtCreateKey] [1000C710] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [100098B0] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtCreateKey] [1000C710] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryValueKey] [1000C630] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetValueKey] [1000C6A0] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteValueKey] [1000C910] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtEnumerateKey] [1000C550] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteKey] [1000C8C0] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetInformationFile] [10009BD0] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryInformationFile] [10009470] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteFile] [10009B80] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenFile] [10009A20] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryKey] [10009430] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\System32\svchost.exe[1068] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\System32\svchost.exe[1068] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\System32\svchost.exe[1068] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1108] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1108] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1108] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000C780] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000C840] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\Explorer.EXE[1988] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [10009860] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll IAT C:\WINDOWS\Explorer.EXE[1988] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [100098B0] c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll ---- Devices - GMER 2.1 ---- Device \Driver\Cdrom \Device\CdRom0 8A52D96E Device \Driver\atapi \Device\Ide\IdePort0 8A52F024 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A52F024 Device \Driver\atapi \Device\Ide\IdePort1 8A52F024 Device \Driver\atapi \Device\Ide\IdePort2 8A52F024 Device \Driver\atapi \Device\Ide\IdePort3 8A52F024 Device \Driver\atapi \Device\Ide\IdePort4 8A52F024 Device \Driver\atapi \Device\Ide\IdePort5 8A52F024 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A52F024 Device \Driver\Cdrom \Device\CdRom1 8A52D96E Device \Driver\PrecSim \Device\Scsi\PrecSim1Port0Path0Target0Lun0 8A52F00C Device \Driver\PrecSim \Device\Scsi\PrecSim1 8A52F00C ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a52f024]<< 8a52f024 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a57bab8] 8a57bab8 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x8a532720] 8a532720 Trace 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a52ad98] 8a52ad98 Trace \Driver\atapi[0x8a49a6c8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a52f024 8a52f024 ---- EOF - GMER 2.1 ----

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2013-04-25 17:56:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,57% Memory free 3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,50% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 146,48 Gb Total Space | 127,96 Gb Free Space | 87,36% Space Free | Partition Type: NTFS Drive E: | 319,27 Gb Total Space | 186,28 Gb Free Space | 58,35% Space Free | Partition Type: NTFS Computer Name: PRIVATE-4AFB8A4 | User Name: Perliczki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-04-25 17:54:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2013-04-09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2013-01-16 18:27:06 | 002,550,224 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2012-09-19 16:50:47 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Premium\OptimizerPro\OptimizerPro.exe PRC - [2012-09-05 17:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe PRC - [2012-04-30 21:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- E:\Programy\Java\bin\jqs.exe PRC - [2012-04-06 11:26:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2012-02-15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe PRC - [2012-01-30 22:34:00 | 000,914,584 | ---- | M] (Seiko Epson Corporation) -- C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe PRC - [2010-04-07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe PRC - [2009-10-15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009-10-15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-03-29 16:12:06 | 000,364,544 | ---- | M] () -- E:\Programy\TP-LINK\TWCU.exe PRC - [2005-12-30 08:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-04-09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll MOD - [2013-04-09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\pdf.dll MOD - [2013-04-09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll MOD - [2013-02-24 11:54:32 | 014,717,808 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll MOD - [2013-01-24 13:20:16 | 001,032,704 | ---- | M] () -- c:\Program Files\SimpleSpeedy\sprotector.dll MOD - [2013-01-24 13:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files\BrowseToSave\sprotector.dll MOD - [2013-01-16 18:27:06 | 002,550,224 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013-01-16 18:26:01 | 002,212,304 | ---- | M] () -- c:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2012-10-11 12:54:00 | 000,427,520 | ---- | M] () -- c:\Program Files\MocaFlix\sprotector.dll MOD - [2012-09-19 16:50:47 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Premium\OptimizerPro\OptimizerPro.exe MOD - [2012-02-15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe MOD - [2011-10-04 23:42:36 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32i.dll MOD - [2010-03-04 17:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL MOD - [2010-03-04 17:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll MOD - [2009-06-27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2007-03-02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2006-03-29 16:12:06 | 000,364,544 | ---- | M] () -- E:\Programy\TP-LINK\TWCU.exe MOD - [2006-03-21 09:52:30 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll MOD - [2006-01-20 08:50:52 | 000,094,208 | ---- | M] () -- E:\Programy\TP-LINK\oemres.dll MOD - [2005-12-30 08:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013-01-16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012-09-05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012-04-30 21:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- E:\Programy\Java\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-01-30 22:34:00 | 000,914,584 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe -- (EpsonPEService) SRV - [2010-04-07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService) SRV - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2009-10-15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2005-12-30 08:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\PERLIC~1\USTAWI~1\Temp\ugxdakow.sys -- (ugxdakow) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-02-08 12:10:39 | 000,071,680 | ---- | M] (Seiko Epson Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EpsCe.sys -- (EpsCe) DRV - [2010-04-30 10:56:24 | 006,032,928 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010-04-27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010-03-06 01:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews) DRV - [2010-03-04 12:02:10 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2010-03-04 12:02:08 | 000,070,912 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009-11-18 01:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 01:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2007-12-21 05:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-04-16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006-12-28 18:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2005-12-21 10:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2002-05-22 01:00:00 | 000,069,600 | ---- | M] (Engelmann GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\precsim.sys -- (PrecSim) DRV - [2002-05-22 01:00:00 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.greatresults.info/ IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuzyyEtD0CyC0D0B0FtByDtAyCtC0ByCzytN0D0Tzu0CtAtDyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=13755735 IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.greatresults.info/?l=1&q={searchTerms} IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=bc1b1b69000000000000940c6dbf2536 IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes,DefaultScope = {C745E4AD-98C5-438d-8ED4-C0042D27E425} IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=bc1b1b69000000000000940c6dbf2536 IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes\{4EDDF9AB-01F7-4399-B254-FFD3430BEB8B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes\{9D290DE2-08C6-45fe-BBAE-896FB24A6E39}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuzyyEtD0CyC0D0B0FtByDtAyCtC0ByCzytN0D0Tzu0CtAtDyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=13755735 IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.greatresults.info/?l=1&q={searchTerms} IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\..\SearchScopes\{E9C6A6C8-95C4-46e1-844E-806FCE1572A1}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKU\S-1-5-21-790525478-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.order.1: "WebSearch" FF - prefs.js..keyword.URL: "http://websearch.greatresults.info/?l=1&q=" FF - prefs.js..browser.search.defaultenginename: "WebSearch" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programy\Java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-06 11:26:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-06 11:42:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: E:\Programy\Java\lib\deploy\jqs\ff [2012-04-30 21:57:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012-11-14 22:38:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50ed590180498@50ed5901804d1.com: C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\50ed590180498@50ed5901804d1.com [2013-01-09 13:27:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ioizi36.yu@auitzgpoiyf.org: C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ioizi36.yu@auitzgpoiyf.org [2013-03-03 18:50:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: E:\Programy\Firefox\components [2012-04-06 11:26:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: E:\Programy\Firefox\plugins [2013-02-24 22:01:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013-02-06 19:45:50 | 000,000,000 | ---D | M] [2012-04-06 11:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Extensions [2013-04-21 11:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions [2013-01-09 13:27:10 | 000,000,000 | ---D | M] (Browse2save) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\50ed590180498@50ed5901804d1.com [2013-04-21 11:26:59 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\amo@dealplyshopping.com [2013-02-06 19:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@babylon.com [2013-02-06 19:45:24 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@delta.com [2012-11-02 23:27:03 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@funmoods.com [2013-03-03 18:50:20 | 000,000,000 | ---D | M] (BrrooWsse2usave) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ioizi36.yu@auitzgpoiyf.org [2013-02-06 19:44:56 | 000,006,484 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\BrowserProtect.xml [2013-02-06 19:45:26 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\delta.xml [2013-03-11 10:03:03 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\Funmoods.xml [2013-04-25 15:27:31 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\WebSearch.xml [2012-04-06 11:42:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012-04-05 12:29:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012-04-27 21:43:38 | 000,000,000 | ---D | M] (z) -- E:\PROGRAMY\FIREFOX\EXTENSIONS\{12551F2E-1C3F-796A-F333-9CC5B7FD508D} [2012-04-30 21:57:43 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMY\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-04-30 21:57:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- E:\PROGRAMY\JAVA\LIB\DEPLOY\JQS\FF [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://allegro.pl/ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_1\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.18.1_0\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jemjjmhmocelhnafbnpljncimnpojpkf\1\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\ CHR - Extension: No name found = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Browse2save) - {07C0DFDB-23EE-32E9-2B44-65EB1F89CAE9} - C:\Documents and Settings\All Users\Dane aplikacji\Browse2save\50ed590180629.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (extrafind) - {402cd407-0f6c-1cc4-22f7-828b6e2e1824} - C:\WINDOWS\system32\95701909.dll () O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programy\Java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (BrrooWsse2usave) - {9F48EC08-CB03-4A9C-92ED-3F4C8F57EB02} - C:\Documents and Settings\All Users\Dane aplikacji\BrrooWsse2usave\51337edfbc483.dll () O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programy\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe () O4 - HKLM..\Run: [CloneCDTray] E:\Programy\Clone CD\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TWCU] E:\Programy\TP-LINK\TWCU.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Documents and Settings\Perliczki\Menu Start\Programy\Autostart\Internet.lnk = File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-790525478-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79E187F-8E05-4BD3-90E7-E3F23658923B}: NameServer = 31.128.24.2 31.128.0.31 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - AppInit_DLLs: (c:\progra~1\mocaflix\sprote~1.dll) - c:\Program Files\MocaFlix\sprotector.dll () O20 - AppInit_DLLs: (c:\progra~1\browse~2\sprote~1.dll) - c:\Program Files\BrowseToSave\sprotector.dll () O20 - AppInit_DLLs: (c:\progra~1\simple~1\sprote~1.dll) - c:\Program Files\SimpleSpeedy\sprotector.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-04-05 12:17:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012-07-20 13:37:19 | 000,023,149 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{1d443a3d-0d64-11e2-9ecb-1c6f65b77341}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{1d443a3d-0d64-11e2-9ecb-1c6f65b77341}\Shell\open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{1f5c722e-5fe1-11e2-a062-1c6f65b77341}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{1f5c722e-5fe1-11e2-a062-1c6f65b77341}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{2c7f7f6c-c2f4-11e1-9d7d-1c6f65b77341}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{2c7f7f6c-c2f4-11e1-9d7d-1c6f65b77341}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{2df2a126-412a-11e2-9fc8-1c6f65b77341}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{2df2a126-412a-11e2-9fc8-1c6f65b77341}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{5998dc35-921a-11e2-bb5d-1c6f65b77341}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{5998dc35-921a-11e2-bb5d-1c6f65b77341}\Shell\open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{868e53a4-d1c5-11e1-9dbb-1c6f65b77341}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{868e53a4-d1c5-11e1-9dbb-1c6f65b77341}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{868e53a5-d1c5-11e1-9dbb-1c6f65b77341}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{868e53a5-d1c5-11e1-9dbb-1c6f65b77341}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{868e53a6-d1c5-11e1-9dbb-1c6f65b77341}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{868e53a6-d1c5-11e1-9dbb-1c6f65b77341}\Shell\open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{9a7845a3-7f57-11e1-9c47-806d6172696f}\Shell\AutoRun\command - "" = F:\setupSNK.exe O33 - MountPoints2\{9ac64dfa-a4ec-11e1-9cf9-1c6f65b77341}\Shell - "" = AutoRun O33 - MountPoints2\{9ac64dfa-a4ec-11e1-9cf9-1c6f65b77341}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{c4d09dd5-826f-11e1-9c5a-1c6f65b77341}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{c4d09dd5-826f-11e1-9c5a-1c6f65b77341}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-04-25 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleSpeedy [2013-04-21 11:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perliczki\Dane aplikacji\DealPly [2013-04-21 11:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly [2013-04-21 11:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perliczki\Menu Start\Programy\DealPly [2012-07-07 07:15:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Perliczki\Dane aplikacji\pcouffin.sys [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-04-25 17:36:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1993962763-839522115-1004UA.job [2013-04-25 15:35:06 | 000,703,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013-04-25 15:35:06 | 000,559,718 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2013-04-25 15:35:06 | 000,272,136 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2013-04-25 15:35:06 | 000,262,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013-04-25 15:35:03 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Perliczki.job [2013-04-25 15:34:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1993962763-839522115-1004.job [2013-04-25 15:34:53 | 000,000,558 | -H-- | M] () -- C:\WINDOWS\tasks\OptimizerProUpdaterTask{CE36C72D-E96E-4AA2-89FA-C6CB08125098}.job [2013-04-25 15:34:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-04-25 15:32:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-04-25 15:23:19 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionReminder.job [2013-04-25 15:23:19 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionDowngrade.job [2013-04-23 10:14:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Perliczki.job [2013-04-21 14:15:02 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Perliczki.job [2013-04-19 08:36:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1993962763-839522115-1004Core.job [2013-04-17 10:08:44 | 006,018,268 | ---- | M] () -- C:\Documents and Settings\Perliczki\Pulpit\plan zagospodarowania gm Jaroslaw.jpg [2013-04-16 19:29:28 | 000,011,761 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.msg [2013-04-16 19:29:28 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.dat [2013-04-16 19:29:20 | 000,707,504 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.exe [2013-04-14 20:58:43 | 000,024,955 | ---- | M] () -- C:\Documents and Settings\Perliczki\Pulpit\pole ostrow.JPG [2013-04-08 18:55:54 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-03-28 15:18:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1993962763-839522115-1004.job [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-04-25 15:23:18 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\DoxillionDowngrade.job [2013-04-17 10:08:43 | 006,018,268 | ---- | C] () -- C:\Documents and Settings\Perliczki\Pulpit\plan zagospodarowania gm Jaroslaw.jpg [2013-04-16 19:29:28 | 000,707,504 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.exe [2013-04-16 19:29:28 | 000,011,761 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.msg [2013-04-16 19:29:28 | 000,002,403 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.dat [2013-04-14 20:54:54 | 000,024,955 | ---- | C] () -- C:\Documents and Settings\Perliczki\Pulpit\pole ostrow.JPG [2013-02-08 11:23:22 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT [2013-02-04 18:57:44 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2013-02-04 18:56:24 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2012-12-11 20:14:00 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2012-12-01 20:09:14 | 000,272,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2012-12-01 20:09:14 | 000,272,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-790525478-1993962763-839522115-1004-0.dat [2012-11-28 17:56:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2012-11-28 17:56:08 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012-11-20 12:50:10 | 000,065,536 | R--- | C] () -- C:\WINDOWS\AC1_Un0.exe [2012-11-18 01:14:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE [2012-11-18 01:14:08 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL [2012-11-18 01:13:47 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll [2012-11-14 22:37:46 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini [2012-11-02 13:57:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32i.dll [2012-11-02 13:57:15 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx [2012-11-02 13:57:14 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods.crx [2012-10-31 10:54:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll [2012-10-31 10:54:36 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll [2012-07-20 13:41:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\$_hpcst$.hpc [2012-07-07 07:15:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll [2012-07-07 07:15:22 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\inst.exe [2012-07-07 07:15:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\pcouffin.cat [2012-07-07 07:15:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\pcouffin.inf [2012-04-27 21:43:38 | 000,075,045 | ---- | C] () -- C:\WINDOWS\System32\f2e2fac1.exe [2012-04-27 21:43:37 | 001,915,904 | ---- | C] () -- C:\WINDOWS\System32\95701909.dll [2012-04-06 11:13:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2012-04-06 10:38:33 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-05 22:09:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe [2012-04-05 22:09:26 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe [2012-04-05 22:09:26 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll [2012-04-05 14:46:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012-04-05 14:08:40 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012-04-05 14:07:46 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-04-05 12:49:01 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2012-04-05 12:48:56 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2012-04-05 12:48:55 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2012-04-05 12:48:54 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2012-04-05 12:48:54 | 000,160,289 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012-04-05 12:45:11 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe [2012-04-05 12:45:11 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys [2012-04-05 12:30:08 | 000,010,084 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2012-04-05 12:29:04 | 000,218,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2012-04-05 12:22:36 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe [2012-04-05 12:22:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini [2012-04-05 12:19:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012-04-05 12:15:49 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-04-05 12:28:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008-04-14 22:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 22:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-02-06 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2012-10-30 00:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Battle.net [2013-01-16 20:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Browse2save [2013-02-06 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect [2013-03-07 14:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BrrooWsse2usave [2012-05-23 18:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2013-02-08 11:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON [2012-04-06 12:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-04-06 11:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IM [2012-04-06 11:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail [2013-04-25 15:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate [2013-01-04 18:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2013-04-25 02:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2013-01-09 13:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium [2012-12-11 20:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft [2012-11-02 23:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Smart Soft [2013-03-03 19:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SoftSafe [2013-01-09 17:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2013-01-09 13:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WoW Worldwide Software LTD [2013-02-06 19:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Xilisoft [2012-06-10 09:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Audacity [2013-02-06 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Babylon [2012-05-23 18:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\DAEMON Tools Lite [2012-09-26 11:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\DDMSettings [2013-04-21 11:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\DealPly [2013-02-06 19:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Delta [2012-11-02 23:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Free PDF to Word Converter [2012-11-04 16:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Funmoods [2012-04-06 12:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Gadu-Gadu [2012-04-06 12:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Gadu-Gadu 10 [2013-02-06 19:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\ImgBurn [2012-06-29 18:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\LolClient [2012-06-04 14:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\LolClient2 [2013-03-13 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mumble [2012-04-06 18:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\OpenFM [2012-11-02 13:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\PDFCreatorPackages [2013-01-09 13:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\SendSpace [2013-04-08 20:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\uTorrent [2012-07-07 07:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Vso [2013-02-06 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Xilisoft [2012-11-02 14:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\XnView [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 24 bytes -> C:\WINDOWS:F177B3E889563397 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:373E1720 < End of report >

Extras

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2013-04-25 17:56:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,57% Memory free 3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,50% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 146,48 Gb Total Space | 127,96 Gb Free Space | 87,36% Space Free | Partition Type: NTFS Drive E: | 319,27 Gb Total Space | 186,28 Gb Free Space | 58,35% Space Free | Partition Type: NTFS Computer Name: PRIVATE-4AFB8A4 | User Name: Perliczki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-790525478-1993962763-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Przeglądaj w XnView] -- "E:\Programy\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "57636:TCP" = 57636:TCP:*:Enabled:Pando Media Booster "57636:UDP" = 57636:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "57636:TCP" = 57636:TCP:*:Enabled:Pando Media Booster "57636:UDP" = 57636:UDP:*:Enabled:Pando Media Booster [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Documents and Settings\Perliczki\Ustawienia lokalne\Temp\ImInstaller\incredimail_installer.exe" = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer -- (IncrediMail Ltd.) "C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację -- (Microsoft Corporation) "E:\Programy\uTorrent\uTorrent.exe" = E:\Programy\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "E:\Programy\Gadu-Gadu\Gadu-Gadu 10\gg.exe" = E:\Programy\Gadu-Gadu\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "E:\Programy\TS3\ts3client_win32.exe" = E:\Programy\TS3\ts3client_win32.exe:*:Enabled:ts3client_win32 -- (TeamSpeak Systems GmbH) "E:\Gry\StarCraft II\StarCraft II.exe" = E:\Gry\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "E:\Mati\Steam\steamapps\common\aliens vs predator demo\AvP.exe" = E:\Mati\Steam\steamapps\common\aliens vs predator demo\AvP.exe:*:Enabled:Aliens vs Predator Demo -- (Sega Europe Limited) "E:\Gry\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe" = E:\Gry\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe:*:Enabled:Blizzard Downloader "C:\Documents and Settings\All Users\Dane aplikacji\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Documents and Settings\All Users\Dane aplikacji\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent "C:\Documents and Settings\All Users\Dane aplikacji\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Documents and Settings\All Users\Dane aplikacji\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment) "E:\Gry\StarCraft II\StarCraft II Public Test.exe" = E:\Gry\StarCraft II\StarCraft II Public Test.exe:*:Enabled:Publiczny serwer testowy StarCraft II -- (Blizzard Entertainment) "C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\IM\Runtime\IncrediMail_Install.exe" = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\IM\Runtime\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- () "E:\Mati\Steam\steamapps\banan1992\counter-strike\hl.exe" = E:\Mati\Steam\steamapps\banan1992\counter-strike\hl.exe:*:Enabled:Counter-Strike "E:\Mati\Steam\steamapps\common\Half-Life\hl.exe" = E:\Mati\Steam\steamapps\common\Half-Life\hl.exe:*:Enabled:Counter-Strike -- (Valve) "C:\Documents and Settings\All Users\Dane aplikacji\Battle.net\Agent\Agent.1737\Agent.exe" = C:\Documents and Settings\All Users\Dane aplikacji\Battle.net\Agent\Agent.1737\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment) "E:\Gry\StarCraft II\Versions\Base24944\SC2.exe" = E:\Gry\StarCraft II\Versions\Base24944\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{072A1145-79D5-4BEB-4D8A-59CCB7CB31AE}" = Catalyst Control Center Graphics Full Existing "{097CF8DE-C007-F3C5-2A80-C1AD2A9D7EFB}" = Catalyst Control Center Graphics Previews Common "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E5E5B46-61B6-3FF3-5C7C-87F1AC00568E}" = CCC Help Czech "{0F200FB1-B904-1820-0EEA-15C458B575B3}" = CCC Help Portuguese "{145C6099-E682-AFBB-4E4C-2FE72333E2FB}" = CCC Help Hungarian "{15A0B9F3-DCE9-42D8-0F81-A03C0BF9BB3B}" = CCC Help Norwegian "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail "{19A84EB1-D85B-BB4F-0030-B7E2BC1ACB6F}" = Catalyst Control Center Localization Dutch "{1BF4CB7A-85C6-0480-30D9-C8F711C9D99E}" = Catalyst Control Center Localization Chinese Traditional "{2034E9E2-60F5-A335-363F-9FA9B0864FBA}" = CCC Help Chinese Standard "{233EE11F-A04C-B612-AEDF-16A312986113}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Client Installation Program "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{3405EF6E-6E68-AF1A-A165-4832ADA3221E}" = Catalyst Control Center Localization Finnish "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{354DC3BC-A17F-E931-E696-E57EF0BF39B1}" = CCC Help Japanese "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{39BBA37B-E375-4977-6EC2-9FB182A18CD1}" = Catalyst Control Center Localization Russian "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CFC1E5C-52C5-F564-BBBD-A791A0ED2868}" = CCC Help Swedish "{3D7277B3-B0BE-497C-A626-55F063254B5B}" = EPSON TM Virtual Port Driver Ver.8.10a "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{40A77C5E-831D-53B7-6DD6-049390E99737}" = CCC Help Turkish "{43673268-252B-10C5-A96B-BD766CECF1BC}" = Catalyst Control Center Localization Korean "{43B7C43F-406C-4DE5-DCC5-6712A09890D1}" = Catalyst Control Center Localization Danish "{4517BAE4-D4F2-3A21-38F7-8E4D798515E3}" = Catalyst Control Center Localization Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B0F42ED-C1AA-1EE3-694C-B338B60D202A}" = Catalyst Control Center Localization German "{4DE8C2BD-F830-CB44-3C55-FC77DE3FDB80}" = CCC Help German "{4FAF0223-13C2-E94B-6E9E-D5807EFE8589}" = CCC Help Korean "{51007CF9-CB4C-265B-D62A-FF6BFD327ABA}" = Catalyst Control Center Localization Polish "{526AAE17-8067-9BF2-C56B-EE8CEED32254}" = CCC Help Polish "{56BA64AD-C2DF-9C71-E521-F87A2D335F57}" = Catalyst Control Center Localization French "{57A17677-2064-D213-F2C0-37874112BCE8}" = ccc-utility "{5C4ED859-875F-4299-AA2C-E0E393BDCD21}" = ScanSoft PaperPort 11 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{68E30A3E-5D3F-476B-A858-B3CA453FF180}" = Compositor "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{785A16DC-26B7-3184-D5F7-4186C90F77B9}" = Catalyst Control Center Localization Chinese Standard "{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje "{849A20E0-8A09-45F9-BE58-4DAE823E8CE4}" = Catalyst Control Center Localization Czech "{85785A25-4ED5-1CDF-24BF-4AD32FFDCD3D}" = Catalyst Control Center Localization Turkish "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B4195EA-58F9-4441-A6AA-10DB50A2B71C}" = BrowseToSave "{8FB6D01C-0361-4A27-A8CC-4B435455F2EA}" = "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9261261C-7EBF-4DF5-AF1E-369D498204EA}" = OptimizerPro "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93693EB3-E1E9-BC11-76D9-E03BF7338FC9}" = CCC Help Greek "{9541B99F-5A88-9C02-6424-F17883E907A9}" = Catalyst Control Center Localization Spanish "{973DFE07-93EE-4EC0-73B2-1E9B1EB1B46D}" = CCC Help Danish "{97B2C4BB-08B1-6092-0F67-62AFA077444C}" = CCC Help Russian "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9B2B0EAD-2CC7-4589-B3AA-D23BAB724065}" = CDRWIN 5 "{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A70FF5D5-D3A5-27EF-9751-3280710AFB9C}" = Skins "{A958AD7D-A598-A2B6-CB71-19033DAD6730}" = Catalyst Control Center Localization Swedish "{A9F95496-FA05-9808-2A6A-850D7CD6513A}" = CCC Help Thai "{AAFEE577-C6AE-AB27-479D-592E2A74DBCE}" = Catalyst Control Center Localization Greek "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{B18A9215-5C66-C719-F861-2491E0726B78}" = CCC Help Spanish "{B41B9D4A-42D5-F51F-4F9A-626D9A06CB4C}" = ccc-core-preinstall "{B9A5D708-5F66-1B3D-A2D5-4A6E24BF32F7}" = CCC Help Chinese Traditional "{BB10A37C-4BFB-BC3D-2CE4-72895A56FFAA}" = Catalyst Control Center Localization Hungarian "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C12C6589-32A4-2D8E-C8D5-C85CCF40157F}" = ccc-core-static "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C1609713-CAE7-9D05-46C5-97CF48ECE7E7}" = Catalyst Control Center Localization Japanese "{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = "{C40B3988-1BF3-12FD-10AC-F708BF1C5CFC}" = Catalyst Control Center Core Implementation "{C876E6DA-EC76-B2EC-6E09-3A7E00233750}" = CCC Help Italian "{CAEFCB7D-C290-57B2-D10D-E3DDBA524232}" = CCC Help Finnish "{CC93120F-55BA-2E8A-C3B6-982B57600A89}" = Catalyst Control Center Localization Portuguese "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D72C29C6-8476-B58D-9453-6D0FCD7FF481}" = Catalyst Control Center Graphics Full New "{DD9E5033-7C22-4665-2232-1F8E5BB3B450}" = Catalyst Control Center Localization Thai "{E4ABEF81-DE3D-DF19-BC99-BC34E2BD16B3}" = CCC Help Dutch "{ED3948D4-05E9-A37B-1D52-2466AEA87F5E}" = Catalyst Control Center Localization Italian "{EF4A88E7-AB69-EB25-2920-0F46F27D0DB2}" = CCC Help French "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5F16F97-9094-02B8-2BF0-F03E67C4E55C}" = CCC Help English "{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Active Ports" = Active Ports "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "All ATI Software" = ATI - Software Uninstall Utility "Ancient Conquest" = Anci "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 2.0 "bi_uninstaller" = Bundled software uninstaller "Browsers Protector" = Browsers Protector "CloneCD" = CloneCD "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "DealPly" = DealPly (remove only) "delta" = Delta toolbar "DivX Setup" = DivX Setup "Doxillion" = Doxillion Document Converter "DVD Author Plus_is1" = DVD Author Plus 2.3 "Enable S3 for USB Device" = Enable S3 for USB Device "ENTERPRISE" = Microsoft Office Enterprise 2007 "Expekt Poker" = Expekt Poker "f2e2fac1" = Contextual Tool Extrafind "Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383 "funmoods" = Funmoods "Gadu-Gadu 10" = Gadu-Gadu 10 "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "ICCup Launcher_is1" = ICCup Launcher "ImgBurn" = ImgBurn "IncrediMail" = IncrediMail 2.0 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "OptimizerPro" = "PDF Creator" = PDF Creator "RealPlayer 15.0" = RealPlayer "Shut Down-O-Matic" = Shut Down-O-Matic "SP_48c708f2" = "SP_56ec1d15" = Search Assistant MocaFlix 1.66 "SP_7699c875" = Search Assistant SimpleSpeedy 1.74 "StarCraft II" = StarCraft II "StartSearch Toolbar" = StartSearch Toolbar 1.3 "Switch" = Switch Sound File Converter "TeamSpeak 3 Client" = TeamSpeak 3 Client "uTorrent" = µTorrent "V9Software" = Deinstalator Strony V9 "WavePad" = WavePad Sound Editor "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinISD beta" = WinISD beta "WinRAR archiver" = WinRAR 4.11 (32-bitowy) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "Xilisoft Audio Maker 6" = Xilisoft Audio Maker 6 "XnView_is1" = XnView 1.95.3 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-790525478-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PDF Creator Packages" = PDF Creator Packages [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-04-25 09:32:18 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2013-04-25 09:32:18 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data). Error - 2013-04-25 09:32:29 | Computer Name = PRIVATE-4AFB8A4 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x71a56a55. Error - 2013-04-25 09:33:34 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2013-04-25 09:33:34 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2013-04-25 09:33:34 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data). Error - 2013-04-25 09:35:03 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2013-04-25 09:35:03 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2013-04-25 09:35:03 | Computer Name = PRIVATE-4AFB8A4 | Source = LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data). Error - 2013-04-25 10:34:35 | Computer Name = PRIVATE-4AFB8A4 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca chrome.exe, wersja 26.0.1410.64, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2013-04-12 03:01:58 | Computer Name = PRIVATE-4AFB8A4 | Source = NetBT | ID = 4307 Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia adresów początkowych. Error - 2013-04-12 04:01:21 | Computer Name = PRIVATE-4AFB8A4 | Source = Service Control Manager | ID = 7023 Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037 Error - 2013-04-12 04:01:34 | Computer Name = PRIVATE-4AFB8A4 | Source = PrecSim | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Scsi\PrecSim1. Error - 2013-04-12 04:01:34 | Computer Name = PRIVATE-4AFB8A4 | Source = NetBT | ID = 4307 Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia adresów początkowych. Error - 2013-04-12 08:09:54 | Computer Name = PRIVATE-4AFB8A4 | Source = Service Control Manager | ID = 7023 Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037 Error - 2013-04-12 08:10:04 | Computer Name = PRIVATE-4AFB8A4 | Source = PrecSim | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Scsi\PrecSim1. Error - 2013-04-12 08:10:04 | Computer Name = PRIVATE-4AFB8A4 | Source = NetBT | ID = 4307 Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia adresów początkowych. Error - 2013-04-12 09:51:11 | Computer Name = PRIVATE-4AFB8A4 | Source = Service Control Manager | ID = 7023 Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037 Error - 2013-04-12 09:51:24 | Computer Name = PRIVATE-4AFB8A4 | Source = PrecSim | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Scsi\PrecSim1. Error - 2013-04-12 09:51:24 | Computer Name = PRIVATE-4AFB8A4 | Source = NetBT | ID = 4307 Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia adresów początkowych. < End of report >

pozdrawiam i z góry dzięki za pomoc

**Posty:** 4765 · przez **ordynat** 25 Kwi 2013, 23:20

Odinstaluj niepotrzebny "V9Software" = Deinstalator Strony V9

Odinstaluj niepotrzebny "StartSearch Toolbar" = StartSearch Toolbar 1.3

Odinstaluj niepotrzebny "SP_7699c875" = Search Assistant SimpleSpeedy 1.74

Odinstaluj niepotrzebny "SP_56ec1d15" = Search Assistant MocaFlix 1.66

Odinstaluj niepotrzebny "SP_48c708f2" =

Odinstaluj niepotrzebny "OptimizerPro" =

Odinstaluj niepotrzebny "f2e2fac1" = Contextual Tool Extrafind

Odinstaluj niepotrzebny "delta" = Delta toolbar

Odinstaluj niepotrzebny "DealPly" = DealPly

Odinstaluj szkodliwy "Browsers Protector" = Browsers Protector

Odinstaluj niepotrzebny "{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar

Odinstaluj szkodliwy "{8B4195EA-58F9-4441-A6AA-10DB50A2B71C}" = BrowseToSave

Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim Usuń
Pokaż raport z niego C:\AdwCleaner[S1].txt

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2013-04-21 11:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\DealPly
[2013-02-06 19:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Delta
[2013-02-06 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perliczki\Dane aplikacji\Babylon
[2013-01-09 13:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium
[2013-04-25 15:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
[2013-02-06 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect
[2013-03-07 14:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BrrooWsse2usave
[2013-01-16 20:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Browse2save
[2013-02-06 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-04-27 21:43:38 | 000,075,045 | ---- | C] () -- C:\WINDOWS\System32\f2e2fac1.exe
[2012-04-27 21:43:37 | 001,915,904 | ---- | C] () -- C:\WINDOWS\System32\95701909.dll
[2012-11-02 13:57:15 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx
[2012-11-02 13:57:14 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2013-04-25 15:34:53 | 000,000,558 | -H-- | M] () -- C:\WINDOWS\tasks\OptimizerProUpdaterTask{CE36C72D-E96E-4AA2-89FA-C6CB08125098}.job
[2013-04-25 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleSpeedy
[2013-04-21 11:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perliczki\Dane aplikacji\DealPly
[2013-04-21 11:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2013-04-21 11:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perliczki\Menu Start\Programy\DealPly
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (c:\progra~1\mocaflix\sprote~1.dll) - c:\Program Files\MocaFlix\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\browse~2\sprote~1.dll) - c:\Program Files\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\simple~1\sprote~1.dll) - c:\Program Files\SimpleSpeedy\sprotector.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O4 - Startup: C:\Documents and Settings\Perliczki\Menu Start\Programy\Autostart\Internet.lnk = File not found
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()
O2 - BHO: (Browse2save) - {07C0DFDB-23EE-32E9-2B44-65EB1F89CAE9} - C:\Documents and Settings\All Users\Dane aplikacji\Browse2save\50ed590180629.dll ()
O2 - BHO: (extrafind) - {402cd407-0f6c-1cc4-22f7-828b6e2e1824} - C:\WINDOWS\system32\95701909.dll ()
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (BrrooWsse2usave) - {9F48EC08-CB03-4A9C-92ED-3F4C8F57EB02} - C:\Documents and Settings\All Users\Dane aplikacji\BrrooWsse2usave\51337edfbc483.dll ()
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
[2012-04-27 21:43:38 | 000,000,000 | ---D | M] (z) -- E:\PROGRAMY\FIREFOX\EXTENSIONS\{12551F2E-1C3F-796A-F333-9CC5B7FD508D}
[2013-01-09 13:27:10 | 000,000,000 | ---D | M] (Browse2save) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\50ed590180498@50ed5901804d1.com
[2013-04-21 11:26:59 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\amo@dealplyshopping.com
[2013-02-06 19:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@babylon.com
[2013-02-06 19:45:24 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@delta.com
[2012-11-02 23:27:03 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@funmoods.com
[2013-03-03 18:50:20 | 000,000,000 | ---D | M] (BrrooWsse2usave) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ioizi36.yu@auitzgpoiyf.org
[2013-02-06 19:44:56 | 000,006,484 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\BrowserProtect.xml
[2013-02-06 19:45:26 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\delta.xml
[2013-03-11 10:03:03 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\Funmoods.xml
[2013-04-25 15:27:31 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\WebSearch.xml
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013-02-06 19:45:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50ed590180498@50ed5901804d1.com: C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\50ed590180498@50ed5901804d1.com [2013-01-09 13:27:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.greatresults.info/?l=1&q="
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
MOD - [2013-01-24 13:20:16 | 001,032,704 | ---- | M] () -- c:\Program Files\SimpleSpeedy\sprotector.dll
MOD - [2013-01-24 13:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files\BrowseToSave\sprotector.dll
MOD - [2013-01-16 18:27:06 | 002,550,224 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013-01-16 18:26:01 | 002,212,304 | ---- | M] () -- c:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012-10-11 12:54:00 | 000,427,520 | ---- | M] () -- c:\Program Files\MocaFlix\sprotector.dll
MOD - [2012-09-19 16:50:47 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Premium\OptimizerPro\OptimizerPro.exe
MOD - [2012-02-15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe

:Files
G:\RECYCLER
H:\RECYCLER

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

Zainstaluj nowszą, bezpieczniejszą wersję Javy:
>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (wybierz: Windows x86 Offline)
.

**Posty:** 2 · przez **Matiroshima** 01 Maj 2013, 16:40

AdwCleaner

Kod: Zaznacz wszystko: # AdwCleaner v2.300 - Log utworzony 30/04/2013 o 17:33:27 # Aktualizacja 28/04/2013 przez Xplode # System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # Użytkownik : Perliczki - PRIVATE-4AFB8A4 # Tryb uruchomienia : Normalny # Ścieżka : E:\adwcleaner.exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Folder Usunięto : C:\DOCUME~1\PERLIC~1\USTAWI~1\Temp\boost_interprocess Folder Usunięto : C:\DOCUME~1\PERLIC~1\USTAWI~1\Temp\OCS Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Babylon Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Browse2save Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\BrrooWsse2usave Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\InstallMate Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Premium Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\SoftSafe Folder Usunięto : C:\Documents and Settings\All Users\Menu Start\Programy\Browse2save Folder Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Babylon Folder Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\DealPly Folder Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Funmoods Folder Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\50ed590180498@50ed5901804d1.com Folder Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@babylon.com Folder Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@funmoods.com Folder Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ioizi36.yu@auitzgpoiyf.org Folder Usunięto : C:\Program Files\DealPly Folder Usunięto : C:\Program Files\Funmoods Folder Usunięto : C:\Program Files\MocaFlix Plik Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\bProtector_extensions.rdf Plik Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\BrowserProtect.xml Plik Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\delta.xml Plik Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\funmoods.xml Plik Usunięto : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\WebSearch.xml Plik Usunięto : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods.crx Plik Usunięto : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx Plik Usunięto : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage Plik Usunięto : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage Usunięto po restarcie : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Usunięto po restarcie : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Usunięto po restarcie : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jemjjmhmocelhnafbnpljncimnpojpkf Usunięto po restarcie : C:\Program Files\DeviceVM ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\955df8bb56eea48 Klucz Usunięto : HKCU\Software\AppDataLow\SProtector Klucz Usunięto : HKCU\Software\BI Klucz Usunięto : HKCU\Software\Conduit Klucz Usunięto : HKCU\Software\DataMngr Klucz Usunięto : HKCU\Software\DataMngr_Toolbar Klucz Usunięto : HKCU\Software\delta LTD Klucz Usunięto : HKCU\Software\Funmoods Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Klucz Usunięto : HKCU\Software\IM Klucz Usunięto : HKCU\Software\ImInstaller Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\BrowserProtect Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07C0DFDB-23EE-32E9-2B44-65EB1F89CAE9} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F48EC08-CB03-4A9C-92ED-3F4C8F57EB02} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B} Klucz Usunięto : HKCU\Software\OCS Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\StartSearch Klucz Usunięto : HKLM\SOFTWARE\955df8bb56eea48 Klucz Usunięto : HKLM\Software\Babylon Klucz Usunięto : HKLM\Software\BabylonToolbar Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{07C0DFDB-23EE-32E9-2B44-65EB1F89CAE9} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\f Klucz Usunięto : HKLM\SOFTWARE\Classes\funmoods.dskBnd Klucz Usunięto : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr Klucz Usunięto : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Klucz Usunięto : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Klucz Usunięto : HKLM\Software\Conduit Klucz Usunięto : HKLM\Software\DataMngr Klucz Usunięto : HKLM\Software\Funmoods Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Klucz Usunięto : HKLM\Software\ImInstaller Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OptimizerPro Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07C0DFDB-23EE-32E9-2B44-65EB1F89CAE9} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Klucz Usunięto : HKLM\Software\SP Global Klucz Usunięto : HKLM\Software\SProtector Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v6.0.2900.5512 [OK] Rejestr w porządku. -\\ Mozilla Firefox v3.0.1 (pl) Plik : C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\prefs.js C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\user.js ... Usunięto ! [OK] Plik w porządku. -\\ Google Chrome v26.0.1410.64 Plik : C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences Usunięto [l.2662] : urls_to_restore_on_startup = [ "hxxp://websearch.greatresults.info/" ] ************************* AdwCleaner[R1].txt - [21374 octets] - [30/04/2013 17:06:41] AdwCleaner[S1].txt - [11981 octets] - [30/04/2013 17:33:27] ########## EOF - C:\AdwCleaner[S1].txt - [12042 octets] ##########

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2013-05-01 16:21:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,25% Memory free 3,85 Gb Paging File | 3,54 Gb Available in Paging File | 91,96% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 146,48 Gb Total Space | 132,06 Gb Free Space | 90,15% Space Free | Partition Type: NTFS Drive E: | 319,27 Gb Total Space | 183,76 Gb Free Space | 57,56% Space Free | Partition Type: NTFS Computer Name: PRIVATE-4AFB8A4 | User Name: Perliczki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-04-25 17:54:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2013-04-09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2012-09-05 17:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe PRC - [2012-04-30 21:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- E:\Programy\Java\bin\jqs.exe PRC - [2012-04-06 11:26:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2012-01-30 22:34:00 | 000,914,584 | ---- | M] (Seiko Epson Corporation) -- C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe PRC - [2010-04-07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe PRC - [2009-10-15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-03-29 16:12:06 | 000,364,544 | ---- | M] () -- E:\Programy\TP-LINK\TWCU.exe PRC - [2005-12-30 08:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-04-09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll MOD - [2013-04-09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\pdf.dll MOD - [2013-04-09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll MOD - [2011-10-04 23:42:36 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32i.dll MOD - [2010-03-04 17:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL MOD - [2010-03-04 17:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll MOD - [2006-03-29 16:12:06 | 000,364,544 | ---- | M] () -- E:\Programy\TP-LINK\TWCU.exe MOD - [2006-03-21 09:52:30 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll MOD - [2006-01-20 08:50:52 | 000,094,208 | ---- | M] () -- E:\Programy\TP-LINK\oemres.dll MOD - [2005-12-30 08:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012-09-05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012-04-30 21:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- E:\Programy\Java\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-01-30 22:34:00 | 000,914,584 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe -- (EpsonPEService) SRV - [2010-04-07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService) SRV - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2009-10-15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2005-12-30 08:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-02-08 12:10:39 | 000,071,680 | ---- | M] (Seiko Epson Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EpsCe.sys -- (EpsCe) DRV - [2010-04-30 10:56:24 | 006,032,928 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010-04-27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010-03-06 01:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews) DRV - [2010-03-04 12:02:10 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2010-03-04 12:02:08 | 000,070,912 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009-11-18 01:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 01:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2007-12-21 05:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-04-16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006-12-28 18:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2005-12-21 10:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2002-05-22 01:00:00 | 000,069,600 | ---- | M] (Engelmann GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\precsim.sys -- (PrecSim) DRV - [2002-05-22 01:00:00 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4EDDF9AB-01F7-4399-B254-FFD3430BEB8B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9D290DE2-08C6-45fe-BBAE-896FB24A6E39}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKCU\..\SearchScopes\{E9C6A6C8-95C4-46e1-844E-806FCE1572A1}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programy\Java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-06 11:26:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-06 11:42:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: E:\Programy\Java\lib\deploy\jqs\ff [2012-04-30 21:57:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012-11-14 22:38:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ioizi36.yu@auitzgpoiyf.org: C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ioizi36.yu@auitzgpoiyf.org FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: E:\Programy\Firefox\components [2012-04-06 11:26:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: E:\Programy\Firefox\plugins [2013-04-30 17:15:19 | 000,000,000 | ---D | M] [2012-04-06 11:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Extensions [2013-04-30 17:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PERLICZKI\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\9JSMXKAZ.DEFAULT\EXTENSIONS\50ED590180498@50ED5901804D1.COM File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PERLICZKI\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\9JSMXKAZ.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PERLICZKI\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\9JSMXKAZ.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PERLICZKI\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\9JSMXKAZ.DEFAULT\EXTENSIONS\IOIZI36.YU@AUITZGPOIYF.ORG [2012-04-06 11:42:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012-04-05 12:29:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION File not found (No name found) -- E:\PROGRAMY\FIREFOX\EXTENSIONS\{12551F2E-1C3F-796A-F333-9CC5B7FD508D} [2012-04-30 21:57:43 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMY\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-04-30 21:57:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- E:\PROGRAMY\JAVA\LIB\DEPLOY\JQS\FF [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = E:\Programy\Firefox\plugins\npdeployJava1.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = E:\Programy\Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = E:\Programy\Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = E:\Programy\Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = E:\Programy\Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = E:\Programy\Java\bin\plugin2\npjp2.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programy\Java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programy\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" File not found O4 - HKLM..\Run: [CloneCDTray] E:\Programy\Clone CD\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TWCU] E:\Programy\TP-LINK\TWCU.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{615B4E7E-D3BC-40DD-BF4D-1D54328C45A9}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79E187F-8E05-4BD3-90E7-E3F23658923B}: NameServer = 31.128.24.2 31.128.0.31 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-04-05 12:17:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012-07-20 13:37:19 | 000,023,149 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-04-30 17:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013-04-30 15:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perliczki\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2013-04-30 15:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2013-04-30 15:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013-04-30 15:09:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-07-07 07:15:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Perliczki\Dane aplikacji\pcouffin.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-05-01 16:21:41 | 000,722,258 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013-05-01 16:21:41 | 000,587,516 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2013-05-01 16:21:41 | 000,285,830 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2013-05-01 16:21:41 | 000,273,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013-05-01 16:19:50 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Perliczki.job [2013-05-01 16:19:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1993962763-839522115-1004.job [2013-05-01 16:19:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-05-01 09:15:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Perliczki.job [2013-04-30 23:36:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1993962763-839522115-1004UA.job [2013-04-30 15:30:59 | 000,011,761 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.msg [2013-04-30 15:30:59 | 000,004,206 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.dat [2013-04-30 15:30:53 | 000,707,504 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.exe [2013-04-30 08:36:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1993962763-839522115-1004Core.job [2013-04-28 20:27:35 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-04-26 01:56:19 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013-04-25 15:32:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-04-25 15:23:19 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionReminder.job [2013-04-25 15:23:19 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionDowngrade.job [2013-04-21 14:15:02 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Perliczki.job [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-04-30 15:30:59 | 000,707,504 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.exe [2013-04-30 15:11:22 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk [2013-04-25 15:23:18 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\DoxillionDowngrade.job [2013-04-16 19:29:28 | 000,011,761 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.msg [2013-04-16 19:29:28 | 000,004,206 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\unins000.dat [2013-02-08 11:23:22 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT [2013-02-04 18:57:44 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2013-02-04 18:56:24 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2012-12-11 20:14:00 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2012-12-01 20:09:14 | 000,272,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2012-12-01 20:09:14 | 000,272,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-790525478-1993962763-839522115-1004-0.dat [2012-11-28 17:56:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2012-11-28 17:56:08 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012-11-20 12:50:10 | 000,065,536 | R--- | C] () -- C:\WINDOWS\AC1_Un0.exe [2012-11-18 01:14:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE [2012-11-18 01:14:08 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL [2012-11-18 01:13:47 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll [2012-11-14 22:37:46 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini [2012-11-02 13:57:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32i.dll [2012-10-31 10:54:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll [2012-10-31 10:54:36 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll [2012-07-20 13:41:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\$_hpcst$.hpc [2012-07-07 07:15:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll [2012-07-07 07:15:22 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\inst.exe [2012-07-07 07:15:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\pcouffin.cat [2012-07-07 07:15:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Perliczki\Dane aplikacji\pcouffin.inf [2012-04-06 11:13:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2012-04-06 10:38:33 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-05 22:09:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe [2012-04-05 22:09:26 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe [2012-04-05 22:09:26 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll [2012-04-05 14:46:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012-04-05 14:08:40 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012-04-05 14:07:46 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-04-05 12:49:01 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2012-04-05 12:48:56 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2012-04-05 12:48:55 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2012-04-05 12:48:54 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2012-04-05 12:48:54 | 000,160,289 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012-04-05 12:45:11 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe [2012-04-05 12:45:11 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys [2012-04-05 12:30:08 | 000,010,084 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2012-04-05 12:29:04 | 000,218,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2012-04-05 12:22:36 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe [2012-04-05 12:22:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini [2012-04-05 12:19:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012-04-05 12:15:49 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-04-05 12:28:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008-04-14 22:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 22:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 24 bytes -> C:\WINDOWS:F177B3E889563397 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:373E1720 < End of report >

Raport z usuwania skryptem

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Folder C:\Documents and Settings\Perliczki\Dane aplikacji\DealPly\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Delta\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Babylon\ not found. Folder C:\Documents and Settings\All Users\Dane aplikacji\Premium\ not found. Folder C:\Documents and Settings\All Users\Dane aplikacji\InstallMate\ not found. Folder C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\ not found. Folder C:\Documents and Settings\All Users\Dane aplikacji\BrrooWsse2usave\ not found. Folder C:\Documents and Settings\All Users\Dane aplikacji\Browse2save\ not found. Folder C:\Documents and Settings\All Users\Dane aplikacji\Babylon\ not found. File C:\WINDOWS\System32\f2e2fac1.exe not found. File C:\WINDOWS\System32\95701909.dll not found. File C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx not found. File C:\Documents and Settings\Perliczki\Ustawienia lokalne\Dane aplikacji\funmoods.crx not found. File C:\WINDOWS\tasks\OptimizerProUpdaterTask{CE36C72D-E96E-4AA2-89FA-C6CB08125098}.job not found. Folder C:\Program Files\SimpleSpeedy\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\DealPly\ not found. Folder C:\Program Files\DealPly\ not found. Folder C:\Documents and Settings\Perliczki\Menu Start\Programy\DealPly\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\docume~1\alluse~1\daneap~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll deleted successfully. File c:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\mocaflix\sprote~1.dll deleted successfully. File c:\Program Files\MocaFlix\sprotector.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\browse~2\sprote~1.dll deleted successfully. File c:\Program Files\BrowseToSave\sprotector.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\simple~1\sprote~1.dll deleted successfully. File c:\Program Files\SimpleSpeedy\sprotector.dll not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. File move failed. C:\Documents and Settings\Perliczki\Menu Start\Programy\Autostart\Internet.lnk scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browsers Protector not found. File C:\Program Files\Browsers Protector\regmon32.exe not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07C0DFDB-23EE-32E9-2B44-65EB1F89CAE9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07C0DFDB-23EE-32E9-2B44-65EB1F89CAE9}\ not found. File C:\Documents and Settings\All Users\Dane aplikacji\Browse2save\50ed590180629.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{402cd407-0f6c-1cc4-22f7-828b6e2e1824}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{402cd407-0f6c-1cc4-22f7-828b6e2e1824}\ not found. File C:\WINDOWS\system32\95701909.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found. File C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F48EC08-CB03-4A9C-92ED-3F4C8F57EB02}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F48EC08-CB03-4A9C-92ED-3F4C8F57EB02}\ not found. File C:\Documents and Settings\All Users\Dane aplikacji\BrrooWsse2usave\51337edfbc483.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}\ not found. File C:\Program Files\DealPly\DealPlyIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ not found. File C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll not found. Folder E:\PROGRAMY\FIREFOX\EXTENSIONS\{12551F2E-1C3F-796A-F333-9CC5B7FD508D}\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\50ed590180498@50ed5901804d1.com\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\amo@dealplyshopping.com\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@babylon.com\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@delta.com\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ffxtlbr@funmoods.com\ not found. Folder C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\ioizi36.yu@auitzgpoiyf.org\ not found. File C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\BrowserProtect.xml not found. File C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\delta.xml not found. File C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\Funmoods.xml not found. File C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\searchplugins\WebSearch.xml not found. Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bd07eb-0ee0-4df0-8121-dc9b693373df}\ not found. File C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension not found. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50ed590180498@50ed5901804d1.com deleted successfully. File C:\Documents and Settings\Perliczki\Dane aplikacji\Mozilla\Firefox\Profiles\9jsmxkaz.default\extensions\50ed590180498@50ed5901804d1.com not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully. Prefs.js: "WebSearch" removed from browser.search.order.1 Prefs.js: "http://websearch.greatresults.info/?l=1&q=" removed from keyword.URL Prefs.js: "WebSearch" removed from browser.search.defaultenginename ========== FILES ========== File\Folder G:\RECYCLER not found. File\Folder H:\RECYCLER not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 57472 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: Perliczki ->Temp folder emptied: 1035471953 bytes ->Temporary Internet Files folder emptied: 322229859 bytes ->Java cache emptied: 12746076 bytes ->FireFox cache emptied: 44362580 bytes ->Google Chrome cache emptied: 197107518 bytes ->Flash cache emptied: 99033 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 3668638 bytes %systemroot%\System32 .tmp files removed: 5671460 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 19818685 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1 565,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05012013_161626 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Perliczki\Menu Start\Programy\Autostart\Internet.lnk not found! PendingFileRenameOperations files... Registry entries deleted on Reboot...

**Posty:** 4765 · przez **ordynat** 01 Maj 2013, 19:46

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F177B3E889563397
O4 - HKLM..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" File not found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt.
Raportu z tego już nie dawaj.
Potem kończymy:
W Adw-Cleaner kliknij na przycisk Odinstaluj
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
.

**Posty:** 1 · przez **Golput** 25 Paź 2013, 13:50

mam dokladnie ten sam problem tez strasznie muli mi komputer prosze o pomoc bd bardzo ale to bardzo wdzieczny
o to logi z otl
http://www.wklej.eu/index.php?id=7d81f363ea

**Posty:** 4765 · przez **ordynat** 25 Paź 2013, 14:21

@Golput

1) Załóż swój własny temat

2) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport.

3) Zrób nowe logi z OTL.

4) Znasz te:

[2013-10-25 07:24:50 | 102,895,398 | ---- | C] ()(C:\WINDOWS\System32\???;) -- C:\WINDOWS\System32\艣熼唌;
[2013-10-24 19:34:46 | 102,837,954 | ---- | M] ()(C:\WINDOWS\System32\???;) -- C:\WINDOWS\System32\鱅ᆼ唌;

Pamiętaj: własny temat!