Komputer bardzo spowolnil podejrzewam wirusa

**Posty:** 1306 · przez **tm72** 03 Gru 2012, 04:09

Witam,

programy otwieraja sie bardzooo powoli. Ogolnie komputer zachowuje sie jak jednoprocesorowy zlom. Bardzo prosze o sprawdzenie log-a. Dziekuje, pozdrawiam Tomasz

Kod: Zaznacz wszystko: OTL logfile created on: 12/2/2012 8:36:36 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\pobrane\programy 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.47 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 70.31% Memory free 10.95 Gb Paging File | 8.97 Gb Available in Paging File | 81.89% Paging File free Paging file location(s): e:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 40.15 Gb Total Space | 3.36 Gb Free Space | 8.37% Space Free | Partition Type: NTFS Drive E: | 507.19 Gb Total Space | 346.65 Gb Free Space | 68.35% Space Free | Partition Type: NTFS Drive F: | 48.83 Gb Total Space | 29.51 Gb Free Space | 60.45% Space Free | Partition Type: NTFS Computer Name: TOMI-PC | User Name: tomi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/12/02 20:34:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\pobrane\programy\OTL.exe PRC - [2012/11/03 00:59:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/09/05 20:24:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/03/22 11:44:44 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012/02/02 05:01:04 | 003,034,432 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011/12/08 16:47:26 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe PRC - [2011/11/02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011/03/14 22:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011/03/14 22:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011/03/14 22:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011/03/14 22:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011/02/15 13:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2011/01/17 18:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 18:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010/10/26 16:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2010/10/26 16:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2010/09/21 00:49:26 | 000,391,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010/09/21 00:47:00 | 005,511,008 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010/09/02 15:49:40 | 002,536,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/09/05 20:25:12 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/12/11 09:31:42 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011/02/15 13:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/12/08 16:58:14 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2011/04/25 16:31:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2011/02/22 23:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:[b]64bit:[/b] - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV:[b]64bit:[/b] - [2011/01/12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/11/03 00:59:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/05 20:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/22 11:44:44 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011/12/09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011/11/12 10:18:37 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/05/19 14:50:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/14 22:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/21 00:52:38 | 001,079,472 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/03/22 11:44:44 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:[b]64bit:[/b] - [2012/03/22 11:44:43 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:[b]64bit:[/b] - [2012/03/22 11:44:42 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:[b]64bit:[/b] - [2012/03/22 11:44:38 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/02/23 10:07:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012/02/23 10:04:08 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2011/09/02 21:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:[b]64bit:[/b] - [2011/09/02 21:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:[b]64bit:[/b] - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:[b]64bit:[/b] - [2011/04/25 17:03:28 | 009,257,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011/04/25 15:55:38 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011/04/16 05:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b]64bit:[/b] - [2011/04/16 05:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b]64bit:[/b] - [2011/04/12 19:46:30 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:[b]64bit:[/b] - [2011/04/05 22:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/03/02 01:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2011/02/14 21:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:[b]64bit:[/b] - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:[b]64bit:[/b] - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:[b]64bit:[/b] - [2011/01/13 20:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:[b]64bit:[/b] - [2010/12/21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2010/12/21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2010/12/21 12:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2010/12/21 12:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2010/12/21 12:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:[b]64bit:[/b] - [2010/12/16 02:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010/07/09 14:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:[b]64bit:[/b] - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:[b]64bit:[/b] - [2010/04/20 13:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:[b]64bit:[/b] - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009/09/21 19:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount) DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:[b]64bit:[/b] - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/vlt/vlt_1333498246_275264 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/vlt/vlt_1333498246_275264 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/vlt/vlt_1333498246_275264 IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102876&gct=hp IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - No CLSID value found IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={812DBA89-D853-4E00-A129-2AD4B4CD062B}&mid=7eb89a13e008487aa7d0af006e8deffa-9ce339744d7453c83958b65cd6db7f489ffc06f6&lang=en&ds=pl011&pr=sa&d=2012-07-25 19:41:39&v=12.1.0.21&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes\{AA209E19-7016-4FEC-85D4-429177770AA6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYCA&apn_uid=2166cf73-ec31-492c-aac0-0a884dd369b8&apn_sauid=97B0019E-E9CF-4823-A4E0-391D890DCC9F IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy Bar Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledAddons: paprikkaFiles@paprikka.pl:0.9.8 FF - prefs.js..extensions.enabledAddons: support@auto-hide-ip.com:1.0 FF - prefs.js..extensions.enabledAddons: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=2&q=" FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 16:36:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/22 06:09:53 | 000,000,000 | ---D | M] [2012/01/23 19:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Extensions [2012/01/23 19:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/10/24 19:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions [2012/05/27 13:55:11 | 000,151,242 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\paprikkaFiles@paprikka.pl.xpi [2012/02/21 12:21:03 | 000,004,526 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\support@auto-hide-ip.com.xpi [2012/10/24 19:28:31 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/09/09 20:35:27 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2012/02/16 18:05:22 | 000,041,411 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2012/08/05 10:59:45 | 000,002,325 | ---- | M] () -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\searchplugins\askcom.xml [2012/09/29 16:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/05 20:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/05 21:57:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012/07/25 18:41:34 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/05 21:57:10 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012/09/05 21:57:10 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012/09/05 21:57:10 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012/04/03 19:10:46 | 000,002,415 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2012/09/05 21:57:10 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012/09/05 21:57:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml Hosts file not found O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Usługa Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] "F:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog File not found O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] "F:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-8616609-2142783543-1502305995-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-8616609-2142783543-1502305995-1000..\Run: [hpumlio] rundll32 "C:\Users\tomi\AppData\Local\hpumlio.dll",hpumlio File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C49036B5-89BD-4A1A-A6F2-0B9AE4B723C7}: DhcpNameServer = 192.168.2.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/04/14 17:52:43 | 000,000,000 | ---D | M] - C:\AutoHideIP -- [ NTFS ] O33 - MountPoints2\{d446678c-77f2-11e1-9a92-206a8a483e13}\Shell - "" = AutoRun O33 - MountPoints2\{d446678c-77f2-11e1-9a92-206a8a483e13}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe O33 - MountPoints2\{d4466791-77f2-11e1-9a92-206a8a483e13}\Shell - "" = AutoRun O33 - MountPoints2\{d4466791-77f2-11e1-9a92-206a8a483e13}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/12/01 23:19:52 | 000,000,000 | ---D | C] -- C:\Users\tomi\AppData\Roaming\Malwarebytes [2012/12/01 23:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/01 23:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/01 23:19:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/01 23:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/09 19:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super DX-Ball Deluxe [2012/11/03 00:58:41 | 000,000,000 | ---D | C] -- C:\Users\tomi\AppData\Local\PunkBuster [2012/11/03 00:58:30 | 000,000,000 | ---D | C] -- C:\Users\tomi\Documents\MOHW [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/12/01 23:42:37 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/01 23:42:37 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/01 23:40:19 | 000,779,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/01 23:40:19 | 000,664,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/01 23:40:19 | 000,125,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/01 23:34:55 | 113,856,511 | -HS- | M] () -- C:\hiberfil.sys [2012/12/01 23:19:38 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/23 18:48:00 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/11/23 18:48:00 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/10 10:36:36 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/11/09 19:26:37 | 000,000,778 | ---- | M] () -- C:\Users\tomi\Desktop\Super DX-Ball Deluxe.lnk [2012/11/09 19:22:04 | 000,000,735 | ---- | M] () -- C:\Users\tomi\Desktop\Bejeweled 3.lnk [2012/11/04 09:12:45 | 000,030,574 | ---- | M] () -- C:\Users\tomi\Desktop\mbank.jpg [2012/11/03 00:59:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/12/01 23:19:38 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/09 19:26:37 | 000,000,778 | ---- | C] () -- C:\Users\tomi\Desktop\Super DX-Ball Deluxe.lnk [2012/11/04 09:12:45 | 000,030,574 | ---- | C] () -- C:\Users\tomi\Desktop\mbank.jpg [2012/11/03 00:58:45 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/10/24 19:02:28 | 000,000,092 | ---- | C] () -- C:\Users\tomi\tomi.ssi [2012/09/02 17:27:46 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini [2012/06/23 17:54:28 | 000,004,542 | ---- | C] () -- C:\Users\tomi\inde.jpg [2012/04/28 08:41:17 | 000,021,474 | ---- | C] () -- \platnosci allegro.odt [2012/04/15 12:53:13 | 000,559,019 | ---- | C] () -- C:\Users\tomi\zdj new.png [2012/04/05 19:20:36 | 007,487,509 | ---- | C] () -- \DSC00205.gif [2012/04/01 10:32:38 | 001,300,846 | ---- | C] () -- \niagara.jpg [2012/04/01 09:41:21 | 000,214,070 | ---- | C] () -- \biznes.jpg [2012/03/27 20:29:59 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2012/03/23 14:17:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2012/03/23 14:17:32 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012/03/23 14:17:32 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/03/23 14:17:31 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/03/20 17:17:04 | 000,000,670 | ---- | C] () -- \Mariola PIT 2011.~PITY2011NG [2012/03/19 19:27:45 | 000,000,671 | ---- | C] () -- \Mariola PIT 2011.PITY2011NG [2012/03/19 19:27:45 | 000,000,191 | ---- | C] () -- \PITY2011NG.index [2012/03/19 16:25:40 | 000,056,320 | ---- | C] () -- \RPAM_Store.dat [2012/03/19 15:56:56 | 871,507,661 | ---- | C] () -- \Tomi-PC_C_Drive001.v2i [2012/03/18 16:54:53 | 000,002,097 | ---- | C] () -- \TOMI-PC.sv2i [2012/03/18 09:47:08 | 000,012,105 | ---- | C] () -- \weeb.odt [2012/03/18 09:36:12 | 000,002,133 | ---- | C] () -- \weeb.jpg [2012/03/10 10:20:33 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/03/10 10:20:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/10 10:20:28 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2012/01/31 17:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/01/10 20:51:00 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2011/12/08 16:45:38 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/12/08 16:45:28 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/19 02:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011/09/19 02:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/08/31 18:41:09 | 000,006,144 | ---- | C] () -- C:\Users\tomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/29 08:41:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011/08/26 22:31:47 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011/08/26 22:31:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011/08/26 08:23:34 | 000,000,199 | ---- | C] () -- C:\Users\tomi\AppData\Roaming\burnaware.ini [2011/08/24 01:43:26 | 000,001,038 | ---- | C] () -- C:\Users\tomi\Documents - Shortcut.lnk [2011/08/22 01:25:25 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2011/07/26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/07/26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/07/26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/07/26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011/06/26 14:57:50 | 000,000,266 | ---- | C] () -- C:\Windows\LaunApp.ini [2011/06/26 14:52:01 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/06/26 14:50:27 | 000,001,116 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2011/06/26 14:23:22 | 000,764,922 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/26 14:18:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/05/19 14:56:19 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini [2011/05/19 14:56:19 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini [2011/05/19 14:56:19 | 000,000,169 | ---- | C] () -- C:\Windows\WisLangCode.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 03:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2011/11/15 16:23:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ControlCenter4 [2011/11/15 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ESET [2012/06/13 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\.minecraft [2012/03/22 11:47:20 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Acronis [2012/08/16 14:15:57 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AIMP3 [2012/07/19 16:21:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AnvSoft [2012/02/21 12:20:42 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AutoHideIP [2012/09/02 10:37:54 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\BANDISOFT [2011/08/22 05:20:44 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\BESTplayer [2011/08/25 10:14:26 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Canneverbe Limited [2012/03/27 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Carambis [2012/10/24 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Codeton [2011/08/30 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Command and Conquer 4 [2011/12/23 00:24:03 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ControlCenter4 [2012/03/17 17:42:46 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\DAEMON Tools Lite [2012/04/12 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\DAEMON Tools Pro [2011/08/22 06:10:29 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ESET [2012/10/01 18:38:02 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\EurekaLog [2011/08/22 01:05:40 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\funkitron [2012/01/11 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Gadu-Gadu 10 [2011/12/18 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\GHISLER [2012/08/05 10:56:16 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Hide IP NG [2012/06/08 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ipla [2012/02/19 08:32:56 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\IrfanView [2012/03/27 20:10:02 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\MOBILedit [2011/08/22 00:57:38 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Namco [2011/09/25 19:09:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\NapiProjekt [2011/08/26 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Nuance [2011/09/05 14:03:09 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\OpenFM [2011/12/11 09:32:17 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\OpenOffice.org [2012/03/31 20:00:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\PC Suite [2012/08/05 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\PlatinumHideIP [2011/10/02 16:41:35 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\RayV [2012/10/21 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Research In Motion [2011/11/06 10:12:14 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Rovio [2012/04/14 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Samsung [2012/01/18 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TeamViewer [2012/09/06 21:20:52 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TechSmith [2012/01/23 19:30:32 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TomTom [2012/10/24 18:58:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TonCut [2012/05/16 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Trine2 [2012/11/15 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\uTorrent [2011/11/15 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Wargaming.net [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 12/2/2012 8:36:37 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\pobrane\programy 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.47 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 70.31% Memory free 10.95 Gb Paging File | 8.97 Gb Available in Paging File | 81.89% Paging File free Paging file location(s): e:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 40.15 Gb Total Space | 3.36 Gb Free Space | 8.37% Space Free | Partition Type: NTFS Drive E: | 507.19 Gb Total Space | 346.65 Gb Free Space | 68.35% Space Free | Partition Type: NTFS Drive F: | 48.83 Gb Total Space | 29.51 Gb Free Space | 60.45% Space Free | Partition Type: NTFS Computer Name: TOMI-PC | User Name: tomi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "e:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "e:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B32A24C-6FC2-4AFF-959C-D31748FE1EF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1F92BA9A-42F6-4A7B-A0FB-210ADF7B322F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2456F463-9FF5-4610-A311-CBD79E8E4E67}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{249E8850-4571-4093-AC68-93753E7ED4CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{33B070F8-DFA9-4A43-A18A-FBAE94B80E70}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{34D9ACCA-0D0B-4CB5-A25C-8C01A9260160}" = rport=137 | protocol=17 | dir=out | app=system | "{3E2C387E-C578-46B9-8236-0BB4F677F3AC}" = lport=139 | protocol=6 | dir=in | app=system | "{43128C1B-D131-4499-A0CA-0DF4DDA31F68}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{47FE503E-A10B-4BE0-85B6-6A3A8DBF5349}" = lport=138 | protocol=17 | dir=in | app=system | "{5669EB2B-5634-48D0-BE96-609D80D747B8}" = rport=139 | protocol=6 | dir=out | app=system | "{79C145B1-3553-487F-B66D-C8781E600492}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{7ED6D7FA-0F0D-488B-8951-DC93637E1760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{85753DC3-3B9B-40D6-8634-111DE27572A1}" = rport=445 | protocol=6 | dir=out | app=system | "{905062C9-A784-4DE2-8C91-EF3388B3B6C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{92D8C0BC-398A-423F-866A-64A1D3573B76}" = lport=137 | protocol=17 | dir=in | app=system | "{979AF4D2-B02F-428F-9DCA-31C9B7DC9FF0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{C65963C0-CCCF-429A-B8FF-D3E8BA44135A}" = rport=138 | protocol=17 | dir=out | app=system | "{D2D219C0-8520-48BB-BC84-A47A8071BB45}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{E088DD39-4E2F-4DAA-83F4-6D11BDE0A706}" = lport=445 | protocol=6 | dir=in | app=system | "{E7C9847E-4B63-4F2E-B084-C0A9C1D43492}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F76117E1-68E8-4866-8E4F-BAA865D529C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11C08023-D52D-46ED-B39E-FB3B9F985B5B}" = protocol=6 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\gu.exe | "{16CF9A1D-4420-414E-8AC2-517F5BC199CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1C65BFD6-5777-42AA-818A-A9818AD38645}" = protocol=6 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{2BB5E59C-537C-4585-94AE-68199F8F3A7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2E0D3EF1-15D1-4564-A245-EF126738D055}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{306D360A-648C-44AC-A970-7CA6B2A47C24}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "{36B29217-2B81-44CE-A53E-3A208A117C96}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{43CB98EC-5FDB-4A7D-B907-92C91451618A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{46CEC72E-72A9-4B76-8886-767DC28D9C70}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4D09ED70-9C26-4EDC-BE75-903AE9240E56}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{514EC73B-A865-4F45-B1DE-319D14130CE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{53DEEB8D-3610-46E1-9D5F-C09E2278D53B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{549D035F-423A-455C-A637-AACB2BBFB738}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{6E37B7BC-CCB6-4ADB-AED8-A0B3A1F19E9B}" = protocol=17 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\gu.exe | "{76C0ABC1-F3CB-461F-8E70-62AFE54A77AB}" = protocol=17 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{8846D192-863E-4C73-B441-7C3718C42E97}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "{8BBD8831-06AA-4A6D-96DE-F34CC2FDF0B1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{8BF6CEEC-F52C-4B12-9904-9A2FB68EB8EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{AB45AC8C-160D-46B5-A003-884DF222CE4F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{B55744EB-5370-411C-BA80-CE215813CB7E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C17C7493-1FEC-4397-AB5C-D213B4281532}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{DCC7A3D9-8619-438D-AE91-8E10B45C3E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{E0700235-FA50-400A-8B3E-F6655BBD2460}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E336DCD6-4DCF-41AE-A2C2-29E09D597517}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E78AE93C-126A-4B7F-B800-81B59CF766CA}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | "{EC35139E-A963-491D-9BE1-F826B17D3708}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F3312619-D931-4A0E-A17B-E137BAF9671E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FE79591E-059A-4D76-98CE-51F2DA7EC47C}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23D6630B-7538-483B-8B27-6452AE3BA628}" = ExtremeCopy "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{33B49B5C-2D04-4B8F-BA1F-D22EB8A627B0}" = ESET Smart Security "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{717BF9BD-65DD-45FF-E30F-A6C6D7945EC6}" = ccc-utility64 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1" = Phone Drivers Downloader 1.0 "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller "{D0275B7F-DBD6-0431-2406-B74291B7B826}" = AMD Catalyst Install Manager "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF288CDB-DF6C-F57E-961D-EA8542E630F3}" = WMV9/VC-1 Video Playback "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F4E3C2EB-E3B5-F412-5269-DE591E1FBCC0}" = AMD Fuel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{0222756A-042E-44EF-ADED-BB1AE7EFD5DE}" = Oprogramowanie BlackBerry Device Software wer. 7.1.0 dla smartfonów BlackBerry 9320 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011 "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B59A75C-615A-ABB2-0464-5AF5104C284A}" = CCC Help Norwegian "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B2ADAAC-573C-935F-3B87-CD7029C7F020}" = CCC Help Spanish "{1F08ACAA-BF3E-2569-9294-2EBA2885C205}" = CCC Help Greek "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{204D7A53-4EE9-EC02-EBCF-1AC61057E835}" = CCC Help Czech "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2557BFE0-B5AC-AB5B-8873-9122BABBED0C}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2713CC64-B3FF-A2FD-9AFF-471F11A36284}" = CCC Help Danish "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{31DDBC83-A165-A42B-A7A4-70D817DD52B0}" = HydraVision "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{38676C9C-270F-43D1-926A-E45DE8820A6B}" = BlackBerry Device Software Updater "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7060D "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D994F1B-576F-46E6-BC68-C5B630598583}" = Active@ File Recovery "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}" = Camtasia Studio 8 "{50F038DD-5B3A-179A-4CB2-DB56E2527E0F}" = CCC Help Dutch "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5ED61938-A4A9-FA79-3841-F022C5865AF5}" = CCC Help English "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6F28C2D1-EAB8-4193-4AE5-4EB9CA49FBED}" = CCC Help Polish "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games) "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75D84EF7-0D8C-4e70-SPCOPS-7B42A5D4E0EB}_is1" = Spec Ops The Line version 1.02 "{79D83AD9-3E68-F48A-9E73-ACD17897F265}" = CCC Help Portuguese "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{842A96FC-E07E-EC7F-A025-9C8F585B1A7F}" = CCC Help Swedish "{8495CDF7-BCF8-13F8-F5F4-D9B7E9768EDB}" = Catalyst Control Center Localization All "{84C00B33-9EAD-9C3C-9B17-2E4E2707F0F2}" = Catalyst Control Center InstallProxy "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{91C0B95B-B83A-4828-A775-BBE2DD421033}" = Nero 7 Premium "{92529891-5983-977C-3C9B-48B0814D3EE4}" = CCC Help Turkish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{959DF55C-05EC-77BE-E43E-6F21D3AA8A86}" = CCC Help Russian "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1 "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B151381-27B4-14D6-57EE-6C48F3DA9BA6}" = Catalyst Control Center Graphics Previews Common "{9C7BF864-5A03-01D7-6811-539EE1749780}" = Catalyst Control Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E084323-F971-C72C-4943-AFE0F99F179D}" = CCC Help Thai "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC462391-9A50-EBCF-A59D-1E747C368191}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{B67298BA-EF28-809B-3539-1754416A7F0B}" = CCC Help Hungarian "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BCDADBF1-A530-1923-F3A4-9AAA44E072E5}" = CCC Help Korean "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}" = AMD System Monitor "{C3EC226D-D618-C465-4AB8-B49A51BB0771}" = CCC Help German "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DCC2B7D1-540F-4D6C-6D74-121BA4ADA7BF}" = CCC Help Japanese "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1508054-EC6B-B3B3-52D9-DF387C20ADFA}" = CCC Help French "{EAFE6D16-60E4-49A6-ACAC-34CB37E95FB7}" = Jewel Quest Heritage "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0069410-4156-1A9F-E78E-299324F8FFB4}" = CCC Help Finnish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C32EB1-F035-ECFE-C312-A23654010759}" = CCC Help Italian "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIMP3" = AIMP3 "Any Video Converter_is1" = Any Video Converter 3.4.0 "Avisynth" = AviSynth 2.5 "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Bejeweled 3" = Bejeweled 3 "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1 "DAEMON Tools Pro" = DAEMON Tools Pro "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.1.1000 "Medal of Honor Warfighter_is1" = Medal of Honor Warfighter "Mozilla Firefox 15.0.1 (x86 pl)" = Mozilla Firefox 15.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyTomTom" = MyTomTom 3.1.0.530 "NapiProjekt_is1" = NapiProjekt (2.0.0.2151) "PIT Format 2011_is1" = PIT Format 2011 "PITy 2011_is1" = PITy 2011 dla Windows kompilacja:1.3.1.4 "PlatinumHideIP" = Platinum Hide IP "Power Data Recovery_is1" = Power Data Recovery 4.1.1 "PunkBusterSvc" = PunkBuster Services "Sniper Elite V2_is1" = Sniper Elite V2 "Sniper Ghost Warrior_is1" = Sniper Ghost Warrior "Super DX-Ball Deluxe_is1" = Super DX-Ball Deluxe v1.00 "TeamViewer 7" = TeamViewer 7 "TonCut_is1" = TonCut 5.2.51.1155 "Totalcmd" = Total Commander (Remove or Repair) "Trine 2_is1" = Trine 2 "uTorrent" = µTorrent "VobSub" = VobSub 2.23 "WildTangent acer Master Uninstall" = Acer Games "WinLiveSuite" = Windows Live Essentials "Worms Ultimate Mayhem_is1" = Worms Ultimate Mayhem "WTA-01d8c433-6c3d-4147-90bc-741d549252f1" = Plants vs. Zombies - Game of the Year "WTA-070c858d-cb9c-4277-872f-f0ce6dbb0e90" = Mystery P.I. - Stolen in San Francisco "WTA-1db59e09-3805-436e-ac59-d03c36f23fe3" = Poker Superstars III "WTA-25f26354-3778-4d53-b79b-16e7ee456ec5" = Namco All-Stars: PAC-MAN "WTA-462deea9-3337-4151-ad6d-f6850d3823eb" = Polar Bowler "WTA-5da91f73-dda9-4094-b149-f8d2c0d69858" = Torchlight "WTA-68b13bbe-25ec-49e6-a071-0f2efea411ef" = Diner Dash 2 Restaurant Rescue "WTA-77442d66-fad9-4b2f-93ee-a9f484255e9d" = Polar Golfer "WTA-81faad63-7fcb-498c-9e2e-9a870c590bb5" = FATE - The Traitor Soul "WTA-8dcca698-639c-4f9d-bb2b-112604dc2ab6" = Zuma's Revenge "WTA-a13fe340-2d90-4af3-9dc3-bec9e00e5e15" = Dora's World Adventure "WTA-a251e61f-30ff-44a1-93a0-e676fb9d5455" = Build-a-lot 2 "WTA-b8af0b9b-ff35-4c8e-8d6f-d2e680ff84dd" = Agatha Christie - 4:50 from Paddington "WTA-bcba2142-f987-4923-a544-573da79120c7" = Virtual Villagers 4 - The Tree of Life "WTA-bcba5550-0235-4513-ba11-812979b9880e" = Penguins! "WTA-be9c4bd6-3f33-4dd7-bd2b-45e8f8cfb3c1" = Bejeweled 2 Deluxe "WTA-f0b6751b-ee54-4091-9253-fa357663421e" = Chuzzle Deluxe "WTA-fc21dcb4-bfa3-49bd-bf2b-a4d344e70f70" = Final Drive: Nitro "WTA-fd47d010-2c26-49d7-b660-9b85524de3bc" = Jewel Quest Heritage "YTdetect" = Yahoo! Detect [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:31:07 PM | Computer Name = Tomi-PC | Source = Application Error | ID = 1000 Description = Faulting application name: BESTplayer.exe, version: 2.1.0.263, time stamp: 0x2a425e19 Faulting module name: ffmpeg.dll, version: 0.0.0.0, time stamp: 0x4e565e2b Exception code: 0xc0000005 Fault offset: 0x00136ded Faulting process id: 0xaf8 Faulting application start time: 0x01cd8ca0d0c58062 Faulting application path: E:\odzysk\pobrane\BESTplayer.exe Faulting module path: C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffmpeg.dll Report Id: 138a0b13-f894-11e1-928b-206a8a483e13 Error - 9/7/2012 5:56:17 AM | Computer Name = Tomi-PC | Source = WinMgmt | ID = 10 Description = Error - 9/7/2012 5:56:45 AM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ System Events ] Error - 12/2/2012 12:47:45 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 12:47:57 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 12:47:57 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 12:48:06 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 9:23:17 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 9:23:18 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 9:23:29 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 9:23:41 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 9:23:45 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/2/2012 9:23:45 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. < End of report >

**Posty:** 18165 · przez **wojtas** 03 Gru 2012, 22:24

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/vlt/vlt_1333498246_275264
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/vlt/vlt_1333498246_275264
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/vlt/vlt_1333498246_275264
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102876&gct=hp
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={812DBA89-D853-4E00-A129-2AD4B4CD062B}&mid=7eb89a13e008487aa7d0af006e8deffa-9ce339744d7453c83958b65cd6db7f489ffc06f6&lang=en&ds=pl011&pr=sa&d=2012-07-25 19:41:39&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes\{AA209E19-7016-4FEC-85D4-429177770AA6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYCA&apn_uid=2166cf73-ec31-492c-aac0-0a884dd369b8&apn_sauid=97B0019E-E9CF-4823-A4E0-391D890DCC9F
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=2&q="
[2012/07/25 18:41:34 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/03 19:10:46 | 000,002,415 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] "F:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog File not found
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] "F:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog File not found
O4 - HKU\S-1-5-21-8616609-2142783543-1502305995-1000..\Run: [hpumlio] rundll32 "C:\Users\tomi\AppData\Local\hpumlio.dll",hpumlio File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzyła się po restarcie).

**Posty:** 1306 · przez **tm72** 04 Gru 2012, 01:27

z tym ze za pierwszym razem uruchomilem normalnie, zapomnialem "jako administrator" wiec to jest drugi log jako administrator

Kod: Zaznacz wszystko: # AdwCleaner v2.011 - Logfile created 12/03/2012 at 17:40:53 # Updated 02/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : tomi - TOMI-PC # Boot Mode : Normal # Running from : E:\pobrane\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0.1 (pl) Profile name : default File : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\prefs.js [OK] File is clean. ************************* AdwCleaner[S1].txt - [15684 octets] - [03/12/2012 17:37:56] AdwCleaner[S2].txt - [737 octets] - [03/12/2012 17:40:53] ########## EOF - C:\AdwCleaner[S2].txt - [796 octets] ##########

Kod: Zaznacz wszystko: OTL Extras logfile created on: 12/3/2012 6:01:57 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\pobrane 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.47 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 70.80% Memory free 10.95 Gb Paging File | 9.12 Gb Available in Paging File | 83.30% Paging File free Paging file location(s): e:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 40.15 Gb Total Space | 3.56 Gb Free Space | 8.86% Space Free | Partition Type: NTFS Drive E: | 507.19 Gb Total Space | 356.02 Gb Free Space | 70.19% Space Free | Partition Type: NTFS Drive F: | 48.83 Gb Total Space | 29.51 Gb Free Space | 60.45% Space Free | Partition Type: NTFS Computer Name: TOMI-PC | User Name: tomi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "e:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "e:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B32A24C-6FC2-4AFF-959C-D31748FE1EF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1F92BA9A-42F6-4A7B-A0FB-210ADF7B322F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2456F463-9FF5-4610-A311-CBD79E8E4E67}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{249E8850-4571-4093-AC68-93753E7ED4CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{33B070F8-DFA9-4A43-A18A-FBAE94B80E70}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{34D9ACCA-0D0B-4CB5-A25C-8C01A9260160}" = rport=137 | protocol=17 | dir=out | app=system | "{3E2C387E-C578-46B9-8236-0BB4F677F3AC}" = lport=139 | protocol=6 | dir=in | app=system | "{43128C1B-D131-4499-A0CA-0DF4DDA31F68}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{47FE503E-A10B-4BE0-85B6-6A3A8DBF5349}" = lport=138 | protocol=17 | dir=in | app=system | "{5669EB2B-5634-48D0-BE96-609D80D747B8}" = rport=139 | protocol=6 | dir=out | app=system | "{79C145B1-3553-487F-B66D-C8781E600492}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{7ED6D7FA-0F0D-488B-8951-DC93637E1760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{85753DC3-3B9B-40D6-8634-111DE27572A1}" = rport=445 | protocol=6 | dir=out | app=system | "{905062C9-A784-4DE2-8C91-EF3388B3B6C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{92D8C0BC-398A-423F-866A-64A1D3573B76}" = lport=137 | protocol=17 | dir=in | app=system | "{979AF4D2-B02F-428F-9DCA-31C9B7DC9FF0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{C65963C0-CCCF-429A-B8FF-D3E8BA44135A}" = rport=138 | protocol=17 | dir=out | app=system | "{D2D219C0-8520-48BB-BC84-A47A8071BB45}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{E088DD39-4E2F-4DAA-83F4-6D11BDE0A706}" = lport=445 | protocol=6 | dir=in | app=system | "{E7C9847E-4B63-4F2E-B084-C0A9C1D43492}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F76117E1-68E8-4866-8E4F-BAA865D529C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11C08023-D52D-46ED-B39E-FB3B9F985B5B}" = protocol=6 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\gu.exe | "{16CF9A1D-4420-414E-8AC2-517F5BC199CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1C65BFD6-5777-42AA-818A-A9818AD38645}" = protocol=6 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{226491EF-79A7-4AE9-9B35-A2AEF3614EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{2355E601-C678-4DA8-9923-D7EC71168188}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{2BB5E59C-537C-4585-94AE-68199F8F3A7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2E0D3EF1-15D1-4564-A245-EF126738D055}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{306D360A-648C-44AC-A970-7CA6B2A47C24}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "{36B29217-2B81-44CE-A53E-3A208A117C96}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3F7337D0-D44A-46C8-82BC-6C2FC97AE649}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{43CB98EC-5FDB-4A7D-B907-92C91451618A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{46CEC72E-72A9-4B76-8886-767DC28D9C70}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4D09ED70-9C26-4EDC-BE75-903AE9240E56}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{514EC73B-A865-4F45-B1DE-319D14130CE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{53DEEB8D-3610-46E1-9D5F-C09E2278D53B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{549D035F-423A-455C-A637-AACB2BBFB738}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{6E37B7BC-CCB6-4ADB-AED8-A0B3A1F19E9B}" = protocol=17 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\gu.exe | "{76C0ABC1-F3CB-461F-8E70-62AFE54A77AB}" = protocol=17 | dir=in | app=e:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{8846D192-863E-4C73-B441-7C3718C42E97}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "{8BBD8831-06AA-4A6D-96DE-F34CC2FDF0B1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{8BF6CEEC-F52C-4B12-9904-9A2FB68EB8EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{AB45AC8C-160D-46B5-A003-884DF222CE4F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{B55744EB-5370-411C-BA80-CE215813CB7E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C17C7493-1FEC-4397-AB5C-D213B4281532}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{D012AC9F-39C2-4652-8428-2EA66E2AD877}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{DCC7A3D9-8619-438D-AE91-8E10B45C3E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{E0700235-FA50-400A-8B3E-F6655BBD2460}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E336DCD6-4DCF-41AE-A2C2-29E09D597517}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E78AE93C-126A-4B7F-B800-81B59CF766CA}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | "{EC35139E-A963-491D-9BE1-F826B17D3708}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F3312619-D931-4A0E-A17B-E137BAF9671E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FE79591E-059A-4D76-98CE-51F2DA7EC47C}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A3ED9F5-9A9E-4CEB-875F-2B3E1125962A}" = BlueSoleil 8.0.370.0 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23D6630B-7538-483B-8B27-6452AE3BA628}" = ExtremeCopy "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{33B49B5C-2D04-4B8F-BA1F-D22EB8A627B0}" = ESET Smart Security "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{717BF9BD-65DD-45FF-E30F-A6C6D7945EC6}" = ccc-utility64 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1" = Phone Drivers Downloader 1.0 "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller "{D0275B7F-DBD6-0431-2406-B74291B7B826}" = AMD Catalyst Install Manager "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF288CDB-DF6C-F57E-961D-EA8542E630F3}" = WMV9/VC-1 Video Playback "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F4E3C2EB-E3B5-F412-5269-DE591E1FBCC0}" = AMD Fuel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{0222756A-042E-44EF-ADED-BB1AE7EFD5DE}" = Oprogramowanie BlackBerry Device Software wer. 7.1.0 dla smartfonów BlackBerry 9320 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011 "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B59A75C-615A-ABB2-0464-5AF5104C284A}" = CCC Help Norwegian "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B2ADAAC-573C-935F-3B87-CD7029C7F020}" = CCC Help Spanish "{1F08ACAA-BF3E-2569-9294-2EBA2885C205}" = CCC Help Greek "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{204D7A53-4EE9-EC02-EBCF-1AC61057E835}" = CCC Help Czech "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2557BFE0-B5AC-AB5B-8873-9122BABBED0C}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2713CC64-B3FF-A2FD-9AFF-471F11A36284}" = CCC Help Danish "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{31DDBC83-A165-A42B-A7A4-70D817DD52B0}" = HydraVision "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{38676C9C-270F-43D1-926A-E45DE8820A6B}" = BlackBerry Device Software Updater "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7060D "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D994F1B-576F-46E6-BC68-C5B630598583}" = Active@ File Recovery "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}" = Camtasia Studio 8 "{50F038DD-5B3A-179A-4CB2-DB56E2527E0F}" = CCC Help Dutch "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5ED61938-A4A9-FA79-3841-F022C5865AF5}" = CCC Help English "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6F28C2D1-EAB8-4193-4AE5-4EB9CA49FBED}" = CCC Help Polish "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games) "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75D84EF7-0D8C-4e70-SPCOPS-7B42A5D4E0EB}_is1" = Spec Ops The Line version 1.02 "{79D83AD9-3E68-F48A-9E73-ACD17897F265}" = CCC Help Portuguese "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{842A96FC-E07E-EC7F-A025-9C8F585B1A7F}" = CCC Help Swedish "{8495CDF7-BCF8-13F8-F5F4-D9B7E9768EDB}" = Catalyst Control Center Localization All "{84C00B33-9EAD-9C3C-9B17-2E4E2707F0F2}" = Catalyst Control Center InstallProxy "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{91C0B95B-B83A-4828-A775-BBE2DD421033}" = Nero 7 Premium "{92529891-5983-977C-3C9B-48B0814D3EE4}" = CCC Help Turkish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{959DF55C-05EC-77BE-E43E-6F21D3AA8A86}" = CCC Help Russian "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1 "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B151381-27B4-14D6-57EE-6C48F3DA9BA6}" = Catalyst Control Center Graphics Previews Common "{9C7BF864-5A03-01D7-6811-539EE1749780}" = Catalyst Control Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E084323-F971-C72C-4943-AFE0F99F179D}" = CCC Help Thai "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC462391-9A50-EBCF-A59D-1E747C368191}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{B67298BA-EF28-809B-3539-1754416A7F0B}" = CCC Help Hungarian "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BCDADBF1-A530-1923-F3A4-9AAA44E072E5}" = CCC Help Korean "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}" = AMD System Monitor "{C3EC226D-D618-C465-4AB8-B49A51BB0771}" = CCC Help German "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DCC2B7D1-540F-4D6C-6D74-121BA4ADA7BF}" = CCC Help Japanese "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1508054-EC6B-B3B3-52D9-DF387C20ADFA}" = CCC Help French "{EAFE6D16-60E4-49A6-ACAC-34CB37E95FB7}" = Jewel Quest Heritage "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0069410-4156-1A9F-E78E-299324F8FFB4}" = CCC Help Finnish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C32EB1-F035-ECFE-C312-A23654010759}" = CCC Help Italian "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIMP3" = AIMP3 "Any Video Converter_is1" = Any Video Converter 3.4.0 "Avisynth" = AviSynth 2.5 "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Bejeweled 3" = Bejeweled 3 "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1 "DAEMON Tools Pro" = DAEMON Tools Pro "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.1.1000 "Medal of Honor Warfighter_is1" = Medal of Honor Warfighter "Mozilla Firefox 15.0.1 (x86 pl)" = Mozilla Firefox 15.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyTomTom" = MyTomTom 3.1.0.530 "NapiProjekt_is1" = NapiProjekt (2.0.0.2151) "PIT Format 2011_is1" = PIT Format 2011 "PITy 2011_is1" = PITy 2011 dla Windows kompilacja:1.3.1.4 "PlatinumHideIP" = Platinum Hide IP "Power Data Recovery_is1" = Power Data Recovery 4.1.1 "PunkBusterSvc" = PunkBuster Services "Sniper Elite V2_is1" = Sniper Elite V2 "Sniper Ghost Warrior_is1" = Sniper Ghost Warrior "Super DX-Ball Deluxe_is1" = Super DX-Ball Deluxe v1.00 "TeamViewer 7" = TeamViewer 7 "TonCut_is1" = TonCut 5.2.51.1155 "Totalcmd" = Total Commander (Remove or Repair) "Trine 2_is1" = Trine 2 "uTorrent" = µTorrent "VobSub" = VobSub 2.23 "WildTangent acer Master Uninstall" = Acer Games "WinLiveSuite" = Windows Live Essentials "Worms Ultimate Mayhem_is1" = Worms Ultimate Mayhem "WTA-01d8c433-6c3d-4147-90bc-741d549252f1" = Plants vs. Zombies - Game of the Year "WTA-070c858d-cb9c-4277-872f-f0ce6dbb0e90" = Mystery P.I. - Stolen in San Francisco "WTA-1db59e09-3805-436e-ac59-d03c36f23fe3" = Poker Superstars III "WTA-25f26354-3778-4d53-b79b-16e7ee456ec5" = Namco All-Stars: PAC-MAN "WTA-462deea9-3337-4151-ad6d-f6850d3823eb" = Polar Bowler "WTA-5da91f73-dda9-4094-b149-f8d2c0d69858" = Torchlight "WTA-68b13bbe-25ec-49e6-a071-0f2efea411ef" = Diner Dash 2 Restaurant Rescue "WTA-77442d66-fad9-4b2f-93ee-a9f484255e9d" = Polar Golfer "WTA-81faad63-7fcb-498c-9e2e-9a870c590bb5" = FATE - The Traitor Soul "WTA-8dcca698-639c-4f9d-bb2b-112604dc2ab6" = Zuma's Revenge "WTA-a13fe340-2d90-4af3-9dc3-bec9e00e5e15" = Dora's World Adventure "WTA-a251e61f-30ff-44a1-93a0-e676fb9d5455" = Build-a-lot 2 "WTA-b8af0b9b-ff35-4c8e-8d6f-d2e680ff84dd" = Agatha Christie - 4:50 from Paddington "WTA-bcba2142-f987-4923-a544-573da79120c7" = Virtual Villagers 4 - The Tree of Life "WTA-bcba5550-0235-4513-ba11-812979b9880e" = Penguins! "WTA-be9c4bd6-3f33-4dd7-bd2b-45e8f8cfb3c1" = Bejeweled 2 Deluxe "WTA-f0b6751b-ee54-4091-9253-fa357663421e" = Chuzzle Deluxe "WTA-fc21dcb4-bfa3-49bd-bf2b-a4d344e70f70" = Final Drive: Nitro "WTA-fd47d010-2c26-49d7-b660-9b85524de3bc" = Jewel Quest Heritage "YTdetect" = Yahoo! Detect [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:24:35 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/6/2012 10:31:07 PM | Computer Name = Tomi-PC | Source = Application Error | ID = 1000 Description = Faulting application name: BESTplayer.exe, version: 2.1.0.263, time stamp: 0x2a425e19 Faulting module name: ffmpeg.dll, version: 0.0.0.0, time stamp: 0x4e565e2b Exception code: 0xc0000005 Fault offset: 0x00136ded Faulting process id: 0xaf8 Faulting application start time: 0x01cd8ca0d0c58062 Faulting application path: E:\odzysk\pobrane\BESTplayer.exe Faulting module path: C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffmpeg.dll Report Id: 138a0b13-f894-11e1-928b-206a8a483e13 [ System Events ] Error - 12/3/2012 6:40:32 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:41:10 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:41:10 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:41:55 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:41:58 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:42:00 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:42:32 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:42:36 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:42:36 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 12/3/2012 6:42:37 PM | Computer Name = Tomi-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. < End of report >

Kod: Zaznacz wszystko: aOTL logfile created on: 12/3/2012 6:01:57 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\pobrane 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.47 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 70.80% Memory free 10.95 Gb Paging File | 9.12 Gb Available in Paging File | 83.30% Paging File free Paging file location(s): e:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 40.15 Gb Total Space | 3.56 Gb Free Space | 8.86% Space Free | Partition Type: NTFS Drive E: | 507.19 Gb Total Space | 356.02 Gb Free Space | 70.19% Space Free | Partition Type: NTFS Drive F: | 48.83 Gb Total Space | 29.51 Gb Free Space | 60.45% Space Free | Partition Type: NTFS Computer Name: TOMI-PC | User Name: tomi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/12/03 17:25:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\pobrane\24960-OTL.exe PRC - [2012/11/03 00:59:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/09/05 20:24:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/03/22 11:44:44 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012/02/02 05:01:04 | 003,034,432 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011/11/02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011/08/16 18:47:10 | 001,017,344 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PRC - [2011/08/16 14:47:42 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe PRC - [2011/03/14 22:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011/03/14 22:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011/03/14 22:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011/03/14 22:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2011/01/17 18:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 18:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010/10/26 16:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2010/10/26 16:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2010/09/21 00:49:26 | 000,391,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010/09/21 00:47:00 | 005,511,008 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010/09/02 15:49:40 | 002,536,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/09/05 20:25:12 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/12/11 09:31:42 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/12/08 16:58:14 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2011/04/25 16:31:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2011/02/22 23:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:[b]64bit:[/b] - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV:[b]64bit:[/b] - [2011/01/12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/11/03 00:59:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/05 20:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/22 11:44:44 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011/12/09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011/11/12 10:18:37 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/08/16 18:47:10 | 001,017,344 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS) SRV - [2011/08/16 14:53:58 | 000,199,680 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS) SRV - [2011/08/16 14:47:42 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS) SRV - [2011/05/19 14:50:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/14 22:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/21 00:52:38 | 001,079,472 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/03/22 11:44:44 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:[b]64bit:[/b] - [2012/03/22 11:44:43 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:[b]64bit:[/b] - [2012/03/22 11:44:42 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:[b]64bit:[/b] - [2012/03/22 11:44:38 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/02/23 10:07:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012/02/23 10:04:08 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2011/09/02 21:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:[b]64bit:[/b] - [2011/09/02 21:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:[b]64bit:[/b] - [2011/07/27 10:30:40 | 000,024,456 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus) DRV:[b]64bit:[/b] - [2011/07/27 10:29:08 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS) DRV:[b]64bit:[/b] - [2011/07/27 10:28:58 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM) DRV:[b]64bit:[/b] - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:[b]64bit:[/b] - [2011/04/25 17:03:28 | 009,257,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011/04/25 15:55:38 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011/04/16 05:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b]64bit:[/b] - [2011/04/16 05:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b]64bit:[/b] - [2011/04/12 19:46:30 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:[b]64bit:[/b] - [2011/04/05 22:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/03/02 01:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2011/02/14 21:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:[b]64bit:[/b] - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:[b]64bit:[/b] - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:[b]64bit:[/b] - [2011/01/13 20:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:[b]64bit:[/b] - [2010/12/21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2010/12/21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2010/12/21 12:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2010/12/21 12:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2010/12/21 12:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:[b]64bit:[/b] - [2010/12/16 02:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010/08/18 22:19:46 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT) DRV:[b]64bit:[/b] - [2010/07/09 14:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:[b]64bit:[/b] - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:[b]64bit:[/b] - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:[b]64bit:[/b] - [2010/04/20 13:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:[b]64bit:[/b] - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs) DRV:[b]64bit:[/b] - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV:[b]64bit:[/b] - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009/09/21 19:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount) DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:[b]64bit:[/b] - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - No CLSID value found IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledAddons: paprikkaFiles@paprikka.pl:0.9.8 FF - prefs.js..extensions.enabledAddons: support@auto-hide-ip.com:1.0 FF - prefs.js..extensions.enabledAddons: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 16:36:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/22 06:09:53 | 000,000,000 | ---D | M] [2012/01/23 19:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Extensions [2012/01/23 19:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/10/24 19:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions [2012/05/27 13:55:11 | 000,151,242 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\paprikkaFiles@paprikka.pl.xpi [2012/02/21 12:21:03 | 000,004,526 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\support@auto-hide-ip.com.xpi [2012/10/24 19:28:31 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/09/09 20:35:27 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2012/02/16 18:05:22 | 000,041,411 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\qkw5it4g.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2012/09/29 16:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/05 20:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/05 21:57:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012/09/05 21:57:10 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012/09/05 21:57:10 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012/09/05 21:57:10 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012/09/05 21:57:10 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012/09/05 21:57:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml Hosts file not found O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Usługa Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-8616609-2142783543-1502305995-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - Startup: C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C49036B5-89BD-4A1A-A6F2-0B9AE4B723C7}: DhcpNameServer = 192.168.2.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/04/14 17:52:43 | 000,000,000 | ---D | M] - C:\AutoHideIP -- [ NTFS ] O33 - MountPoints2\{d446678c-77f2-11e1-9a92-206a8a483e13}\Shell - "" = AutoRun O33 - MountPoints2\{d446678c-77f2-11e1-9a92-206a8a483e13}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe O33 - MountPoints2\{d4466791-77f2-11e1-9a92-206a8a483e13}\Shell - "" = AutoRun O33 - MountPoints2\{d4466791-77f2-11e1-9a92-206a8a483e13}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/12/03 17:26:54 | 000,000,000 | ---D | C] -- \_OTL [2012/12/02 22:34:29 | 000,000,000 | ---D | C] -- C:\Users\tomi\AppData\Local\bluesoleil [2012/12/02 22:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation [2012/12/02 22:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2012/12/02 22:12:20 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012/12/02 22:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012/12/02 21:59:18 | 000,000,000 | ---D | C] -- C:\Users\tomi\Desktop\zalaczniki [2012/12/01 23:19:52 | 000,000,000 | ---D | C] -- C:\Users\tomi\AppData\Roaming\Malwarebytes [2012/12/01 23:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/01 23:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/01 23:19:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/01 23:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/09 19:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super DX-Ball Deluxe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/12/03 17:49:23 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/03 17:49:23 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/03 17:42:03 | 000,001,063 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini [2012/12/03 17:41:44 | 113,856,511 | -HS- | M] () -- C:\hiberfil.sys [2012/12/02 22:13:37 | 000,000,032 | ---- | M] () -- C:\Windows\0 [2012/12/02 22:13:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI [2012/12/02 22:12:41 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk [2012/12/02 22:12:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\0 [2012/12/02 21:53:50 | 000,779,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/02 21:53:50 | 000,664,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/02 21:53:50 | 000,125,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/01 23:19:38 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/23 18:48:00 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/11/23 18:48:00 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/10 10:36:36 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/11/09 19:26:37 | 000,000,778 | ---- | M] () -- C:\Users\tomi\Desktop\Super DX-Ball Deluxe.lnk [2012/11/09 19:22:04 | 000,000,735 | ---- | M] () -- C:\Users\tomi\Desktop\Bejeweled 3.lnk [2012/11/04 09:12:45 | 000,030,574 | ---- | M] () -- C:\Users\tomi\Desktop\mbank.jpg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/12/02 22:13:26 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miejsca Bluetooth.lnk [2012/12/02 22:13:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI [2012/12/02 22:12:41 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk [2012/12/02 22:12:32 | 000,000,032 | ---- | C] () -- C:\Windows\0 [2012/12/02 22:12:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\0 [2012/12/01 23:19:38 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/09 19:26:37 | 000,000,778 | ---- | C] () -- C:\Users\tomi\Desktop\Super DX-Ball Deluxe.lnk [2012/11/04 09:12:45 | 000,030,574 | ---- | C] () -- C:\Users\tomi\Desktop\mbank.jpg [2012/10/24 19:02:28 | 000,000,092 | ---- | C] () -- C:\Users\tomi\tomi.ssi [2012/09/02 17:27:46 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini [2012/06/23 17:54:28 | 000,004,542 | ---- | C] () -- C:\Users\tomi\inde.jpg [2012/04/28 08:41:17 | 000,021,474 | ---- | C] () -- \platnosci allegro.odt [2012/04/15 12:53:13 | 000,559,019 | ---- | C] () -- C:\Users\tomi\zdj new.png [2012/04/05 19:20:36 | 007,487,509 | ---- | C] () -- \DSC00205.gif [2012/04/01 10:32:38 | 001,300,846 | ---- | C] () -- \niagara.jpg [2012/04/01 09:41:21 | 000,214,070 | ---- | C] () -- \biznes.jpg [2012/03/27 20:29:59 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2012/03/23 14:17:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2012/03/23 14:17:32 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012/03/23 14:17:32 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/03/23 14:17:31 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/03/20 17:17:04 | 000,000,670 | ---- | C] () -- \Mariola PIT 2011.~PITY2011NG [2012/03/19 19:27:45 | 000,000,671 | ---- | C] () -- \Mariola PIT 2011.PITY2011NG [2012/03/19 19:27:45 | 000,000,191 | ---- | C] () -- \PITY2011NG.index [2012/03/19 16:25:40 | 000,056,320 | ---- | C] () -- \RPAM_Store.dat [2012/03/19 15:56:56 | 871,507,661 | ---- | C] () -- \Tomi-PC_C_Drive001.v2i [2012/03/18 16:54:53 | 000,002,097 | ---- | C] () -- \TOMI-PC.sv2i [2012/03/18 09:47:08 | 000,012,105 | ---- | C] () -- \weeb.odt [2012/03/18 09:36:12 | 000,002,133 | ---- | C] () -- \weeb.jpg [2012/03/10 10:20:33 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/03/10 10:20:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/10 10:20:28 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2012/01/31 17:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/01/10 20:51:00 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2011/12/08 16:45:38 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/12/08 16:45:28 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/19 02:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011/09/19 02:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/08/31 18:41:09 | 000,006,144 | ---- | C] () -- C:\Users\tomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/29 08:41:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011/08/26 22:31:47 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011/08/26 22:31:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011/08/26 08:23:34 | 000,000,199 | ---- | C] () -- C:\Users\tomi\AppData\Roaming\burnaware.ini [2011/08/24 01:43:26 | 000,001,038 | ---- | C] () -- C:\Users\tomi\Documents - Shortcut.lnk [2011/08/22 01:25:25 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2011/08/16 18:47:16 | 000,001,063 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini [2011/08/16 14:47:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll [2011/07/26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/07/26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/07/26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/07/26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011/06/26 14:57:50 | 000,000,266 | ---- | C] () -- C:\Windows\LaunApp.ini [2011/06/26 14:52:01 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/06/26 14:50:27 | 000,001,116 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2011/06/26 14:23:22 | 000,764,922 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/26 14:18:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/05/19 14:56:19 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini [2011/05/19 14:56:19 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini [2011/05/19 14:56:19 | 000,000,169 | ---- | C] () -- C:\Windows\WisLangCode.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 03:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2011/11/15 16:23:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ControlCenter4 [2011/11/15 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ESET [2012/06/13 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\.minecraft [2012/03/22 11:47:20 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Acronis [2012/08/16 14:15:57 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AIMP3 [2012/07/19 16:21:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AnvSoft [2012/02/21 12:20:42 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AutoHideIP [2012/09/02 10:37:54 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\BANDISOFT [2011/08/22 05:20:44 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\BESTplayer [2011/08/25 10:14:26 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Canneverbe Limited [2012/03/27 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Carambis [2012/10/24 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Codeton [2011/08/30 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Command and Conquer 4 [2011/12/23 00:24:03 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ControlCenter4 [2012/03/17 17:42:46 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\DAEMON Tools Lite [2012/04/12 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\DAEMON Tools Pro [2011/08/22 06:10:29 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ESET [2012/10/01 18:38:02 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\EurekaLog [2011/08/22 01:05:40 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\funkitron [2012/01/11 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Gadu-Gadu 10 [2011/12/18 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\GHISLER [2012/08/05 10:56:16 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Hide IP NG [2012/06/08 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ipla [2012/02/19 08:32:56 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\IrfanView [2012/03/27 20:10:02 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\MOBILedit [2011/08/22 00:57:38 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Namco [2011/09/25 19:09:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\NapiProjekt [2011/08/26 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Nuance [2011/09/05 14:03:09 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\OpenFM [2011/12/11 09:32:17 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\OpenOffice.org [2012/03/31 20:00:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\PC Suite [2012/08/05 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\PlatinumHideIP [2011/10/02 16:41:35 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\RayV [2012/10/21 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Research In Motion [2011/11/06 10:12:14 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Rovio [2012/04/14 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Samsung [2012/01/18 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TeamViewer [2012/09/06 21:20:52 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TechSmith [2012/01/23 19:30:32 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TomTom [2012/10/24 18:58:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TonCut [2012/05/16 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Trine2 [2012/11/15 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\uTorrent [2011/11/15 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Wargaming.net [color=#E56717]========== Purity Check ==========[/color] < End of report >

**Posty:** 18165 · przez **wojtas** 04 Gru 2012, 21:12

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko to czego nie znasz za pomocą tego programu )
* wykonaj kroki finalizujące temat

nic więcej nie widać

**Posty:** 1306 · przez **tm72** 05 Gru 2012, 04:00

znalazl 11 zagrozen ... wszystko usunalem. Raport zaraz po przeskanowaniu:

Kod: Zaznacz wszystko: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Wersja bazy: v2012.12.05.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 tomi :: TOMI-PC [administrator] 04/12/2012 7:42:22 PM mbam-log-2012-12-04 (20-53-18).txt Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|) Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM Odznaczone opcje skanowania: P2P Przeskanowano obiektów: 386572 Upłynęło: 1 godzin(y), 9 minut(y), 16 sekund(y) Wykrytych procesów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych modułów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych kluczy rejestru: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VobSub (Trojan.Agent) -> Nie wykonano akcji. Wykrytych wartości rejestru: 0 (Nie znaleziono zagrożeń) Wykryte wpisy rejestru systemowego: 0 (Nie znaleziono zagrożeń) wykrytych folderów: 0 (Nie znaleziono zagrożeń) Wykrytych plików: 10 C:\OEM\Preload\Autorun\APP\KOBO\AcerSilentSetup.exe (Trojan.Agent) -> Nie wykonano akcji. C:\OEM\Preload\Autorun\APP\KOBO\eMachinesSilentSetup.exe (Trojan.Agent) -> Nie wykonano akcji. C:\OEM\Preload\Autorun\APP\KOBO\GatewaySilentSetup.exe (Trojan.Agent) -> Nie wykonano akcji. C:\Program Files (x86)\DAEMON Tools Pro\autoloader_dt_loader_0.4.exe (Trojan.Swisyn) -> Nie wykonano akcji. C:\Program Files (x86)\Gabest\VobSub\uninstall.exe (Trojan.Agent) -> Nie wykonano akcji. E:\odzysk\pobrane\N0rton.Ghost.15-Akiso\N0rton.Ghost.15-Akiso\Norton Ghost 15\KeyMaker\KeyMaker\KeyMaker.exe (Trojan.Agent) -> Nie wykonano akcji. E:\pobrane\programy\Fraps355.exe (Trojan.Agent) -> Nie wykonano akcji. E:\pobrane\programy\MultiBootISOs-2.1.5.2.exe (Trojan.Agent) -> Nie wykonano akcji. E:\pobrane\programy\Microsoft.Office.2010.Professional.Plus.Final.x64.PL\Microsoft.Office.2010.Professional_Plus.Final.x64.PL\offica2010_Professional_pro_x32\mini-kms_activator_v1.053_eng.exe (PUP.RiskwareTool.CK) -> Nie wykonano akcji. F:\Kies\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe (Trojan.Agent) -> Nie wykonano akcji. (zakończone)

co do reszty wszystko wykonane. Dalej nie mam pewnosci czy komputer jest czysty aczkolwiek chodzi teraz jak porche. Co myslisz ... dac jeszcze jakis log?

**Posty:** 18165 · przez **wojtas** 05 Gru 2012, 21:08

nie

komp jest czysty

Autor postu otrzymał pochwałę