Zrywanie internetu, wirus policja, sweet page

**Posty:** 32 · przez **Stopek1985** 17 Maj 2014, 10:06

Witam,
Proszę o pomoc w usunięciu problemów:
- wirus policja w wyszukiwarce chrome, nie jest to typowy objaw tego wirusa czyli komunikat w ful screen ale w pojedynczej karcie wyszukiwarki, i nie można przejść do innej karty. IE działa bez problemu.
- strona startowa http://www.sweet-page.com w IE, której nie można zmienić na inną.
- wyskakujące reklamy co jakiś czas w nowej karcie przeglądarki.
Poniżej logi:

Gmer:

Kod: Zaznacz wszystko: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-17 09:57:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF4Z 698,64GB Running: qey2u56d.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035a4000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800035a4042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2940] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7282460 5 bytes JMP 000007fefdad02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2956] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef72b96b0 6 bytes JMP 000007fefdad0298 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdab0038 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef575dc88 5 bytes JMP 000007fff57300d8 .text C:\windows\system32\Dwm.exe[3388] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef575de10 5 bytes JMP 000007fff5730110 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000769b48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000769b48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000769b4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000778f5ea5 5 bytes JMP 0000000172e72c20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000077929d0b 5 bytes JMP 0000000172e72bb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2560] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\WINMM.dll!waveOutReset 000007fef7daa38c 5 bytes JMP 000007fefdac02b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\WINMM.dll!waveOutPause 000007fef7dc4b60 5 bytes JMP 000007fefdac0238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef7dc4ba0 5 bytes JMP 000007fefdac01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1924] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3540] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3624] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\WINMM.dll!waveOutReset 000007fef7daa38c 5 bytes JMP 000007fefdac02b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\WINMM.dll!waveOutPause 000007fef7dc4b60 5 bytes JMP 000007fefdac0238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef7dc4ba0 5 bytes JMP 000007fefdac01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3684] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Windows\System32\igfxtray.exe[3704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 5 bytes JMP 000007fffdad00b8 .text C:\Windows\System32\igfxtray.exe[3704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdad0038 .text C:\Windows\System32\igfxtray.exe[3704] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 5 bytes JMP 000007fffdad0138 .text C:\Windows\System32\hkcmd.exe[3660] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 5 bytes JMP 000007fffdad00b8 .text C:\Windows\System32\hkcmd.exe[3660] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdad0038 .text C:\Windows\System32\hkcmd.exe[3660] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 5 bytes JMP 000007fffdad0138 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\Windows\System32\igfxpers.exe[3768] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\Program Files\Microsoft Security Client\msseces.exe[3852] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 5 bytes JMP 000007fffdab00b8 .text C:\Program Files\Microsoft Security Client\msseces.exe[3852] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdab0038 .text C:\Program Files\Microsoft Security Client\msseces.exe[3852] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 5 bytes JMP 000007fffdab0138 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000769b48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000769b48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000769b4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3796] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000778f5ea5 5 bytes JMP 0000000172e72c20 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3916] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000077929d0b 5 bytes JMP 0000000172e72bb0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016ff20228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016ff20180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016ff201b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016ff20110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016ff200d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016ff20148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 3 bytes JMP 000000016ff201f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\kernel32.dll!RegSetValueExA + 4 0000000077ad87e4 3 bytes [F8, CC, CC] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\WINMM.dll!waveOutReset 000007fef7daa38c 5 bytes JMP 000007fefdac02b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\WINMM.dll!waveOutPause 000007fef7dc4b60 5 bytes JMP 000007fefdac0238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4048] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef7dc4ba0 5 bytes JMP 000007fefdac01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\WINMM.dll!waveOutReset 000007fef7daa38c 5 bytes JMP 000007fefdac02b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\WINMM.dll!waveOutPause 000007fef7dc4b60 5 bytes JMP 000007fefdac0238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1356] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef7dc4ba0 5 bytes JMP 000007fefdac01b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1512] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1512] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1512] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1512] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1512] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1512] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000769b48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000769b48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000769b4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000778f5ea5 5 bytes JMP 0000000172e72c20 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000077929d0b 5 bytes JMP 0000000172e72bb0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007307adf9 5 bytes JMP 0000000110003390 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutPause 0000000073095484 5 bytes JMP 0000000110003430 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutRestart 00000000730954b8 5 bytes JMP 00000001100034d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000769b48db 5 bytes JMP 0000000100552710 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000769b48f3 5 bytes JMP 00000001005527f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000769b4925 5 bytes JMP 0000000100552780 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000778f5ea5 5 bytes JMP 0000000172e72c20 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[116] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000077929d0b 5 bytes JMP 0000000172e72bb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000769b48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000769b48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000769b4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000778f5ea5 5 bytes JMP 0000000172e72c20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000077929d0b 5 bytes JMP 0000000172e72bb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\windows\SysWOW64\RunDll32.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\windows\SysWOW64\RunDll32.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\WINMM.dll!waveOutReset 000007fef7daa38c 5 bytes JMP 000007fefdac02b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\WINMM.dll!waveOutPause 000007fef7dc4b60 5 bytes JMP 000007fefdac0238 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5236] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef7dc4ba0 5 bytes JMP 000007fefdac01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000769b48db 5 bytes JMP 0000000110002710 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000769b48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000769b4925 5 bytes JMP 0000000110002780 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000778f5ea5 5 bytes JMP 0000000172e72c20 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5584] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000077929d0b 5 bytes JMP 0000000172e72bb0 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdac0180 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdac00d8 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdac0148 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdab0038 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdac0110 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdac01f0 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdac01b8 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 5 bytes JMP 000007fffdab0138 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\WINMM.dll!waveOutReset 000007fef7daa38c 5 bytes JMP 000007fefdab02b8 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\WINMM.dll!waveOutPause 000007fef7dc4b60 5 bytes JMP 000007fefdab0238 .text C:\Program Files\Internet Explorer\iexplore.exe[5488] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef7dc4ba0 5 bytes JMP 000007fefdab01b8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\user32.DLL!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdab0038 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 5 bytes JMP 000007fffdab0138 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\winmm.dll!waveOutReset 000007fef7daa38c 5 bytes JMP 000007fefdab02b8 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\winmm.dll!waveOutPause 000007fef7dc4b60 5 bytes JMP 000007fefdab0238 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\winmm.dll!waveOutRestart 000007fef7dc4ba0 5 bytes JMP 000007fefdab01b8 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\dsound.dll!DirectSoundCreate8 000007fef2046944 5 bytes JMP 000007fefdab0438 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\dsound.dll!DirectSoundCreate 000007fef2065a84 5 bytes JMP 000007fefdab0338 .text C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[1528] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef72b96b0 5 bytes JMP 000007fefdab03b8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\user32.DLL!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!RegSetValueExW 0000000077a4a400 7 bytes JMP 000000016fff0228 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077a53f20 5 bytes JMP 000000016fff0180 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077a56440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000077a6ffb0 5 bytes JMP 000000016fff01b8 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a7f2e0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077aa9a30 7 bytes JMP 000000016fff00d8 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ab94c0 5 bytes JMP 000000016fff0148 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077ad87e0 7 bytes JMP 000000016fff01f0 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdaebfd0 5 bytes JMP 000007fffdac0038 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\windows\system32\StikyNot.exe[7548] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdae2db0 5 bytes JMP 000007fffdad0180 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae37d0 7 bytes JMP 000007fffdad00d8 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdae8ef0 6 bytes JMP 000007fffdad0148 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafaf60 5 bytes JMP 000007fffdad0110 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffdad01f0 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffdad01b8 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff487490 11 bytes JMP 000007fffdad0228 .text C:\windows\System32\MsSpellCheckingFacility.exe[5208] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff49bf00 7 bytes JMP 000007fffdad0260 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\user32.DLL!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076121465 2 bytes [12, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[12460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761214bb 2 bytes [12, 76] .text ... * 2 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 0000000172e73550 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 0000000172e737f0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 0000000172e73650 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 0000000172e73540 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 0000000172e73310 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 0000000172e733c0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 0000000172e73320 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d21d29 5 bytes JMP 0000000172e732b0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075d21dd7 5 bytes JMP 0000000172e73270 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d22ab1 5 bytes JMP 0000000172e733d0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d22d17 5 bytes JMP 0000000172e730b0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760be96b 5 bytes JMP 0000000172e72cd0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760beba5 5 bytes JMP 0000000172e72ce0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075f48a29 5 bytes JMP 0000000172e72c60 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075f54572 5 bytes JMP 0000000172e73030 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f6e567 5 bytes JMP 0000000172e730a0 .text C:\Users\Marcin\Desktop\Emergency\qey2u56d.exe[16836] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075fa7a5c 5 bytes JMP 0000000172e73020 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{BBD2A085-A229-49E0-AEE6-1E749DA3C7AF}\Connection@Name isatap.{54B1E279-D167-4444-A161-923AB4CCDBF2} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{EDD0AB95-4D1B-42F1-8AFC-F6593034AF24}\Connection@Name isatap.{FFF3BD0F-977D-47D9-955C-A305BE017D97} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D2C0DE2C-CE32-453C-9B5E-A90144F35990}?\Device\{9411477D-CD72-4FDD-B660-656410BE3AD4}?\Device\{16B48FE0-65CC-4A7D-A0F0-8173D287C774}?\Device\{EDD0AB95-4D1B-42F1-8AFC-F6593034AF24}?\Device\{BBD2A085-A229-49E0-AEE6-1E749DA3C7AF}?\Device\{6571B598-8E21-458A-8381-809937CF8BB7}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D2C0DE2C-CE32-453C-9B5E-A90144F35990}"?"{9411477D-CD72-4FDD-B660-656410BE3AD4}"?"{16B48FE0-65CC-4A7D-A0F0-8173D287C774}"?"{EDD0AB95-4D1B-42F1-8AFC-F6593034AF24}"?"{BBD2A085-A229-49E0-AEE6-1E749DA3C7AF}"?"{6571B598-8E21-458A-8381-809937CF8BB7}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D2C0DE2C-CE32-453C-9B5E-A90144F35990}?\Device\TCPIP6TUNNEL_{9411477D-CD72-4FDD-B660-656410BE3AD4}?\Device\TCPIP6TUNNEL_{16B48FE0-65CC-4A7D-A0F0-8173D287C774}?\Device\TCPIP6TUNNEL_{EDD0AB95-4D1B-42F1-8AFC-F6593034AF24}?\Device\TCPIP6TUNNEL_{BBD2A085-A229-49E0-AEE6-1E749DA3C7AF}?\Device\TCPIP6TUNNEL_{6571B598-8E21-458A-8381-809937CF8BB7}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\64273789d3b8 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BBD2A085-A229-49E0-AEE6-1E749DA3C7AF}@InterfaceName isatap.{54B1E279-D167-4444-A161-923AB4CCDBF2} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BBD2A085-A229-49E0-AEE6-1E749DA3C7AF}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{EDD0AB95-4D1B-42F1-8AFC-F6593034AF24}@InterfaceName isatap.{FFF3BD0F-977D-47D9-955C-A305BE017D97} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{EDD0AB95-4D1B-42F1-8AFC-F6593034AF24}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\64273789d3b8 (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Users\Marcin\AppData\Local\Temp\~DF93F6658843D96789.TMP 0 bytes File C:\Users\Marcin\AppData\Local\Temp\~DFD87F209F81061E91.TMP 0 bytes ---- EOF - GMER 2.1 ----

OTL:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2014-05-17 09:58:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcin\Desktop\Emergency 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,92 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 57,32% Memory free 15,83 Gb Paging File | 12,40 Gb Available in Paging File | 78,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 654,69 Gb Total Space | 605,87 Gb Free Space | 92,54% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 11,73 Gb Free Space | 40,44% Space Free | Partition Type: NTFS Computer Name: MARCIN-KOMPUTER | User Name: Marcin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{098A14B8-99D7-48FD-B233-8F84D3B7C95A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0DCCC8BC-80EF-4AF4-AE17-34EB246580CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{130400FA-0DEA-4F7E-979B-EB9313AC4295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{16170AC7-1826-4A4F-912A-D17EA0CFD7DC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1779D5B5-EEF3-4387-8923-00942E298E44}" = lport=445 | protocol=6 | dir=in | app=system | "{1D0A0FBD-CF9B-4349-B8E2-5F884E78FFB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{293B1036-C798-4946-A898-A87C326C3359}" = lport=137 | protocol=17 | dir=in | app=system | "{3A64103E-D1D1-4B5B-952E-6219C46D5A52}" = lport=138 | protocol=17 | dir=in | app=system | "{4122D4C7-AA66-468C-8A09-9A5699B4D51B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{469997D7-1596-4FDB-8934-E25C6D24D6C3}" = lport=2869 | protocol=6 | dir=in | app=system | "{47CD0FFA-8AF5-4907-BCEF-160E21DEC9BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{55E22E34-0599-44FA-BB1D-4C09543E59B1}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{5EBD0BE5-56C8-4A27-A90A-39B674405A2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{63E789A8-5CF0-4CA6-B6E2-8D8E61A37E1C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{91A6B0A0-761C-4B9E-B9BD-53DF87336111}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9D6D518E-3BF0-4AC8-A00E-9BC548AA0E82}" = rport=10243 | protocol=6 | dir=out | app=system | "{A01E510D-4A78-4F06-8495-BF2B5FE83F0A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{A26C786D-2AF3-4B5D-83E7-AAD9CC044B95}" = rport=445 | protocol=6 | dir=out | app=system | "{A28174D1-2DA6-4679-8AA9-6B65B1AE60E3}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{A5FAD67D-68BE-498E-9676-97AA94F46F2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A93C667B-95A4-4FDC-93A3-DE96168A677E}" = rport=139 | protocol=6 | dir=out | app=system | "{B7CD5C9B-4863-4520-8539-35B5B7E256E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C0DBECDA-6557-4073-BDFF-B41EC96D8827}" = lport=139 | protocol=6 | dir=in | app=system | "{C737ECE3-D5A0-4984-8BFC-22E8D8538E42}" = rport=137 | protocol=17 | dir=out | app=system | "{CC7106C2-941E-4BA7-804D-4058EA8AF9B8}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{D71105A8-A263-4E2D-9F30-12451F1E0EE5}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{EAB7ACFF-8D9F-4500-B437-BAA5DBBD3AE9}" = rport=138 | protocol=17 | dir=out | app=system | "{F6047913-53DE-4091-9CD1-482637D92CEB}" = lport=10243 | protocol=6 | dir=in | app=system | "{FA349BA6-6C25-4FF1-B8BD-9A49E94A0703}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{132E86B1-863F-4655-973C-139D02F862B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{193B930D-5779-4EF6-A546-068BC3C659EE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{245E242D-6764-4F52-BA61-C341E3693183}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2F70559C-6E98-4DDE-AFD0-4692CB176A3B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{301BBE09-A288-46DF-AF1C-C21389D83486}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3763CD33-F16D-482F-9004-BB72C1C71A63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4CCDA4ED-27F9-4A8E-9665-85ED6AC93FB4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{5D8D1F9E-118C-48D2-82BF-41AE4EA2E9D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6C4E8B32-57A2-45FD-87CF-65F8E73229C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6E12FCD9-EBF0-4276-B0CB-05B4BEFC9919}" = protocol=6 | dir=out | app=system | "{77314B34-4E83-48C6-BD17-24C0ECCEC052}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{818BF532-AA31-4B29-BEEE-3C9431DF8127}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{85612B12-AA19-4970-A8A1-CE45485F2879}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{89792C42-EF16-40C7-9000-417F0C608F9D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{8BC1DE07-E429-40DE-9956-6D078A7ABB93}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{9B507B69-2954-4EBA-AC64-DE6896E8E3D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A90B2147-6D41-4CE4-885B-75D4F7F1F8C8}" = dir=in | app=c:\users\marcin\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{B2AF2F7D-8598-4722-9628-45941AD66A32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B7A4836C-39C9-471F-BFB4-AF511F081107}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B9647180-8CD4-48A1-A929-9772C2932669}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BAB300D4-52D8-4228-A62D-35A8D3D3B7C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{BE14B783-39AC-4E93-BEE1-9883329BC8A9}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{C0E9CCD7-CBB2-44DA-AB73-062329EE67B6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C6AA24D5-6737-4217-8A3C-A134B219D2E2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C7B30F4A-677C-47C9-8A8F-A338B1A9DD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C9C3EEF8-B02A-4352-86E6-F0E99025637A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CA38B87A-8954-47D9-80F7-6585093FAF62}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{CF1FD111-5F21-4D92-BA29-9B666E100190}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{DFCE235E-AC14-4474-A8C4-815AFA334C3A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E0F50FC5-BCC4-4FD5-A7A4-E7CFBE75C7A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E417B704-4CFB-487D-BD04-96E13D51A375}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9D41D90-E8A7-444E-A67B-6084781FBA98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F8C8813A-35CD-4E22-BD5E-02F5599DB051}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FADD48C7-F142-4E62-A642-F57C5E9C66D9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}" = SRS Control Panel "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software "{45F1F774-38B4-3CC3-BAAF-051E6D19E48E}" = Microsoft .NET Framework 4.5.1 (PLK) "{4681CBC7-F304-4EF1-BBE9-B5CFCADCD3DA}" = Intel® PROSet/Wireless WiFi Software "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{55edfa54-e764-453a-9014-144255fb40d3}" = Intel(R) PRO/Wireless Driver "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6F280399-F8BD-4F2E-BCA4-207BEBCDE33A}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 334.89 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 334.89 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.1220 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20 "{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "CCleaner" = CCleaner "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.20 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{440d014b-4444-4533-b96d-2910e1ca2bcf}" = Oprogramowanie Intel® PROSet/Wireless "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14 "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50" = MioMore Desktop 7.50 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Polish "{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Podręcznik użytkownika "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Polski VAG 2.5_is1" = Polski VAG 2.5 "VeriFace" = VeriFace "WinLiveSuite" = Podstawowe programy Windows Live [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "OpenFM" = OpenFM [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-05-10 09:37:26 | Computer Name = Marcin-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-11 03:15:02 | Computer Name = Marcin-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-12 02:09:05 | Computer Name = Marcin-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-12 15:43:11 | Computer Name = Marcin-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-13 01:52:15 | Computer Name = Marcin-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-14 02:12:54 | Computer Name = Marcin-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-14 02:14:24 | Computer Name = Marcin-Komputer | Source = MsiInstaller | ID = 1024 Description = Error - 2014-05-15 02:27:32 | Computer Name = Marcin-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2014-05-15 02:29:01 | Computer Name = Marcin-Komputer | Source = MsiInstaller | ID = 1024 Description = Error - 2014-05-15 15:11:28 | Computer Name = Marcin-Komputer | Source = Google Update | ID = 20 Description = [ System Events ] Error - 2014-05-16 13:01:57 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:01:57 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:01:57 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:03:00 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:03:00 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:03:01 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:03:01 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:03:01 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:03:15 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error - 2014-05-16 13:03:15 | Computer Name = Marcin-Komputer | Source = Schannel | ID = 36888 Description = Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. < End of report > OTL logfile created on: 2014-05-17 09:58:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcin\Desktop\Emergency 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,92 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 57,32% Memory free 15,83 Gb Paging File | 12,40 Gb Available in Paging File | 78,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 654,69 Gb Total Space | 605,87 Gb Free Space | 92,54% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 11,73 Gb Free Space | 40,44% Space Free | Partition Type: NTFS Computer Name: MARCIN-KOMPUTER | User Name: Marcin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-05-17 09:17:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcin\Desktop\Emergency\OTL_[www.programosy.pl].exe PRC - [2014-02-05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-04-02 17:47:03 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2012-04-02 17:44:23 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2011-02-15 14:26:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010-12-20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010-12-20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010-12-05 03:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-02-08 20:34:51 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012-04-02 17:47:03 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2012-04-02 17:44:22 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2010-11-11 12:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2010-11-11 12:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-03-11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:[b]64bit:[/b] - [2014-03-11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2014-02-05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:[b]64bit:[/b] - [2013-11-20 19:00:20 | 003,674,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:[b]64bit:[/b] - [2013-11-20 18:59:58 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2013-11-20 18:59:38 | 000,631,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2013-11-20 18:58:50 | 000,154,864 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2013-07-29 05:01:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2012-09-12 19:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:[b]64bit:[/b] - [2011-02-15 14:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2010-09-22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2014-05-14 00:10:20 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-02-05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2014-01-30 00:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-11-11 23:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-09-24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-12-20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010-12-20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-03-11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:[b]64bit:[/b] - [2014-02-08 20:34:51 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2014-01-30 00:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2014-01-14 10:52:20 | 000,086,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:[b]64bit:[/b] - [2014-01-14 10:52:20 | 000,079,592 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:[b]64bit:[/b] - [2013-12-27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:[b]64bit:[/b] - [2013-07-29 05:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:[b]64bit:[/b] - [2013-07-29 05:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:[b]64bit:[/b] - [2013-05-29 06:10:52 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2013-02-12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2012-04-02 17:58:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:[b]64bit:[/b] - [2012-04-02 17:58:32 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:[b]64bit:[/b] - [2012-04-02 17:45:48 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:[b]64bit:[/b] - [2012-04-02 17:45:48 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-09-29 05:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-09-29 05:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011-02-15 08:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:[b]64bit:[/b] - [2011-02-15 08:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2011-02-15 08:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2011-02-15 08:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2011-02-15 08:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2010-12-22 14:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2010-12-05 03:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:[b]64bit:[/b] - [2010-12-01 07:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:[b]64bit:[/b] - [2010-11-30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-10-19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-10-14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010-05-31 05:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-07-21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marcin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) [2013-04-21 01:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:[b]64bit:[/b] - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE02644-9ADC-4E7B-BE34-6ECAC087EEF0}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-05-15 08:10:12 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2014-05-15 08:10:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2014-05-14 08:19:49 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2014-05-14 08:19:49 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2014-05-14 08:19:37 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2014-05-14 08:19:36 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2014-05-14 08:19:36 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2014-05-14 08:19:36 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll [2014-05-14 08:19:36 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe [2014-05-14 08:19:35 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2014-05-14 08:19:35 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll [2014-05-14 08:19:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2014-05-14 08:19:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll [2014-05-14 08:19:34 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll [2014-05-14 08:19:34 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll [2014-05-14 08:19:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll [2014-05-14 08:19:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll [2014-05-14 08:19:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll [2014-05-14 08:19:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll [2014-05-14 08:19:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll [2014-05-14 08:19:33 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll [2014-05-14 08:19:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll [2014-05-14 08:19:33 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll [2014-05-14 08:19:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll [2014-05-14 08:19:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll [2014-05-14 08:19:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll [2014-05-14 08:19:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll [2014-05-10 17:17:09 | 000,000,000 | -HSD | C] -- C:\Users\Marcin\AppData\Local\EmieUserList [2014-05-10 17:17:09 | 000,000,000 | -HSD | C] -- C:\Users\Marcin\AppData\Local\EmieSiteList [2014-05-07 23:20:39 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel [2014-05-07 08:19:59 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Macromedia [2014-05-07 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\OpenFM [2014-05-06 22:08:49 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\GG [2014-05-06 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\GG [2014-05-06 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\OpenFM [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-05-17 09:10:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2014-05-17 08:18:08 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-05-17 08:18:08 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-05-17 08:03:05 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA.job [2014-05-17 08:03:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2014-05-16 18:48:52 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core.job [2014-05-15 08:33:39 | 001,670,590 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2014-05-15 08:33:39 | 000,740,688 | ---- | M] () -- C:\windows\SysNative\perfh015.dat [2014-05-15 08:33:39 | 000,654,480 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2014-05-15 08:33:39 | 000,156,230 | ---- | M] () -- C:\windows\SysNative\perfc015.dat [2014-05-15 08:33:39 | 000,122,352 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2014-05-15 08:28:06 | 000,524,664 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2014-05-14 00:10:20 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2014-05-14 00:10:20 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2014-05-11 01:34:07 | 000,010,293 | ---- | M] () -- C:\Users\Marcin\Desktop\1517700_764254753604697_999939387_n.jpg [2014-05-11 01:28:52 | 000,006,923 | ---- | M] () -- C:\Users\Marcin\Desktop\1536452_764258243604348_895079122_n.jpg [2014-05-09 08:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2014-05-09 08:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2014-05-06 22:08:43 | 000,001,186 | ---- | M] () -- C:\Users\Marcin\Desktop\OpenFM.lnk [2014-05-06 05:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2014-05-06 04:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-05-11 01:37:40 | 000,010,293 | ---- | C] () -- C:\Users\Marcin\Desktop\1517700_764254753604697_999939387_n.jpg [2014-05-11 01:29:08 | 000,006,923 | ---- | C] () -- C:\Users\Marcin\Desktop\1536452_764258243604348_895079122_n.jpg [2014-05-06 22:08:43 | 000,001,186 | ---- | C] () -- C:\Users\Marcin\Desktop\OpenFM.lnk [2014-05-06 22:08:42 | 000,001,194 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk [2014-02-26 22:57:40 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE [2014-01-30 00:02:42 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2014-01-30 00:02:22 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2014-01-30 00:02:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2013-07-27 02:21:21 | 000,000,114 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\WB.CFG [2013-07-05 22:22:44 | 000,000,005 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\WBPU-Q3-TTL.DAT [2013-06-18 22:11:27 | 000,000,005 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\WBPU-Q2-TTL.DAT [2013-06-12 22:03:11 | 000,000,006 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\WBPU-TTL.DAT [2013-05-22 08:14:07 | 001,643,196 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013-03-28 21:36:07 | 000,000,139 | ---- | C] () -- C:\windows\disney.ini [2013-03-28 21:11:00 | 000,003,592 | ---- | C] () -- C:\Users\Marcin\AppData\Local\HH.SAV [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A9662AE0 < End of report >

**Posty:** 2183 · przez **NieWiem** 17 Maj 2014, 11:48

Pobierz FRST w wersji zgodnej z Twoim systemem - 64bit.
Zapisz na pulpicie, uruchom, kliknij scan.
Wygeneruje dwa logi. Obydwa proszę załączyć na forum.

**Posty:** 32 · przez **Stopek1985** 17 Maj 2014, 12:56

Kod: Zaznacz wszystko: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by Marcin at 2014-05-17 12:51:17 Running from C:\Users\Marcin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Aktualizacje NVIDIA 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo) Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0109.128 - Mio Technology) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Sterownik graficzny 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation) NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo) Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden OpenFM (HKCU\...\OpenFM) (Version: 2 - GG Network S.A.) Oprogramowanie Intel® PROSet/Wireless (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Panel sterowania NVIDIA 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podręcznik użytkownika (x32 Version: 1.0.0.6 - Lenovo) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polski VAG 2.5 (HKLM-x32\...\Polski VAG 2.5_is1) (Version: 2.502 - www.obd2.pl) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 15-04-2014 05:22:53 Windows Update 16-04-2014 22:07:43 Installed Java 7 Update 55 21-04-2014 20:38:35 Windows Update 25-04-2014 22:48:57 Windows Update 29-04-2014 05:56:27 Windows Update 02-05-2014 15:33:26 Windows Update 04-05-2014 20:00:59 Windows Update 07-05-2014 21:20:23 Windows Update 11-05-2014 07:26:25 Windows Update 15-05-2014 06:07:24 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0BAA7C78-AD1B-42DA-8C61-20FDDFE6292E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {3D488271-4A5C-494F-A3F2-CD596CEDFC73} - \DSite No Task File <==== ATTENTION Task: {62BEEC27-B092-4751-8B3C-FFB62B442D9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.) Task: {6B839703-72D7-4EF7-BC4D-611CB9BA7A11} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION Task: {731BA4A3-3781-4C6C-89A5-22F9A4B6FFD2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.) Task: {931415A6-B615-4762-AA56-4755D0633E10} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {A58BC6EE-EAD0-48CC-A0C6-45BD3CC31057} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {A667B78F-F75F-40B6-8F5A-5BAE2D77D001} - System32\Tasks\Google Updater and Installer => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe Task: {E9202DA9-BE20-425E-A34D-99648272597B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core.job => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA.job => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-01 02:16 - 2014-02-08 20:34 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-03-01 01:55 - 2014-02-08 19:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2010-11-11 12:42 - 2010-11-11 12:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2010-11-11 12:44 - 2010-11-11 12:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll 2012-04-02 17:44 - 2012-04-02 17:44 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll 2008-12-20 05:20 - 2012-04-02 17:58 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 05:20 - 2012-04-02 17:58 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2011-02-15 14:26 - 2011-02-15 14:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll 2011-04-14 05:01 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-04-02 17:47 - 2012-04-02 17:47 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2014-03-01 02:16 - 2014-02-08 20:34 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2010-11-11 12:38 - 2010-11-11 12:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2010-11-11 12:39 - 2010-11-11 12:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2012-04-02 17:44 - 2012-04-02 17:44 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:A9662AE0 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AVGIDSAgent => 2 MSCONFIG\Services: avgwd => 2 MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2014 09:11:28 PM) (Source: Google Update) (EventID: 20) (User: Marcin-Komputer) Description: Network Request Error. Error: 0x80040880. Http status code: 200. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072ee2. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040880 Error: (05/15/2014 08:29:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: Marcin-Komputer) Description: Produkt: Adobe Reader XI - Polish - nie można zainstalować aktualizacji '{AC76BA86-7AD7-0000-2550-7A8C40011007}'. Kod błędu 1625. Instalator Windows może tworzyć dzienniki, aby ułatwić rozwiązywanie problemów z instalowaniem pakietów oprogramowania. Użyj następującego łącza, aby uzyskać instrukcje dotyczące włączania obsługi rejestrowania: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/15/2014 08:27:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2014 08:14:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Marcin-Komputer) Description: Produkt: Adobe Reader XI - Polish - nie można zainstalować aktualizacji '{AC76BA86-7AD7-0000-2550-7A8C40011007}'. Kod błędu 1625. Instalator Windows może tworzyć dzienniki, aby ułatwić rozwiązywanie problemów z instalowaniem pakietów oprogramowania. Użyj następującego łącza, aby uzyskać instrukcje dotyczące włączania obsługi rejestrowania: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/14/2014 08:12:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/13/2014 07:52:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 09:43:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 08:09:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 09:15:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 03:37:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/17/2014 10:18:59 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:59 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:59 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:59 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:28 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:28 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:28 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:26 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/17/2014 10:18:26 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Error: (05/16/2014 07:03:15 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT) Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252. Microsoft Office Sessions: ========================= Error: (05/15/2014 09:11:28 PM) (Source: Google Update) (EventID: 20) (User: Marcin-Komputer) Description: Network Request Error. Error: 0x80040880. Http status code: 200. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072ee2. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040880 Error: (05/15/2014 08:29:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: Marcin-Komputer) Description: Adobe Reader XI - Polish{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/15/2014 08:27:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2014 08:14:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Marcin-Komputer) Description: Adobe Reader XI - Polish{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/14/2014 08:12:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/13/2014 07:52:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 09:43:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 08:09:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 09:15:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 03:37:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-09-23 21:36:08.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.147 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.138 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:39:08.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:39:08.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:38:45.277 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.455 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.408 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.330 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 8106.14 MB Available physical RAM: 4194.97 MB Total Pagefile: 16210.46 MB Available Pagefile: 12190.13 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:654.69 GB) (Free:605.79 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:11.73 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 97F404AB) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ==================== End Of Log ============================

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Marcin (administrator) on MARCIN-KOMPUTER on 17-05-2014 12:50:50 Running from C:\Users\Marcin\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-02] (Lenovo) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-02] (Lenovo) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-02] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-02] (Lenovo) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Facebook Update] => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-28] (Facebook Inc.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [RESTART_STICKY_NOTES] => C:\windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1395471506&from=wpc&uid=HITACHIXHTS727575A9E364_J3740084H7AJ9EH7AJ9EX&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) ==================== Services (Whitelisted) ================= S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerServic; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SoftwareService; S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] U2 Stereo Service; U3 awrdrpoc; \??\C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-17 12:50 - 2014-05-17 12:50 - 02067456 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe 2014-05-17 12:50 - 2014-05-17 12:50 - 00015480 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-17 12:50 - 2014-05-17 12:50 - 00000000 ____D () C:\FRST 2014-05-15 08:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-15 08:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-15 08:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-15 08:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-14 08:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-14 08:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-14 08:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-05-14 08:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-05-14 08:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-05-14 08:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-05-14 08:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-05-14 08:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-05-14 08:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-07 23:20 - 2014-05-15 08:26 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe 2014-04-17 00:08 - 2014-04-17 00:08 - 00004129 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-17 00:08 - 2014-04-17 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-17 00:08 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-17 00:08 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-04-17 00:08 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-04-17 00:08 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-04-17 00:07 - 2014-04-17 00:07 - 00921512 _____ (Oracle Corporation) C:\Users\Marcin\Downloads\chromeinstall-7u55 (1).exe 2014-04-17 00:06 - 2014-04-17 00:07 - 00921512 _____ (Oracle Corporation) C:\Users\Marcin\Downloads\chromeinstall-7u55.exe ==================== One Month Modified Files and Folders ======= 2014-05-17 12:50 - 2014-05-17 12:50 - 02067456 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe 2014-05-17 12:50 - 2014-05-17 12:50 - 00015480 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-17 12:50 - 2014-05-17 12:50 - 00000000 ____D () C:\FRST 2014-05-17 12:47 - 2014-03-01 11:02 - 01694648 _____ () C:\windows\WindowsUpdate.log 2014-05-17 12:47 - 2013-03-05 23:06 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-17 12:47 - 2012-04-02 17:44 - 01674497 _____ () C:\FaceProv.log 2014-05-17 12:47 - 2012-04-02 17:44 - 00000000 ____D () C:\ProgramData\VeriFace 2014-05-17 10:57 - 2014-04-15 08:16 - 00005992 _____ () C:\windows\setupact.log 2014-05-17 10:17 - 2013-07-28 16:12 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA.job 2014-05-17 10:03 - 2014-02-26 23:43 - 00000000 ___RD () C:\Users\Marcin\Desktop\Emergency 2014-05-17 08:18 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-17 08:18 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-17 08:03 - 2013-03-03 18:00 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\Skype 2014-05-16 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-05-16 18:48 - 2013-07-28 16:12 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core.job 2014-05-16 18:47 - 2013-09-26 19:33 - 00004016 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BD51B57B-4247-45FC-836F-86288680033C} 2014-05-16 09:13 - 2012-04-02 17:54 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-15 08:33 - 2012-04-03 00:54 - 00740688 _____ () C:\windows\system32\perfh015.dat 2014-05-15 08:33 - 2012-04-03 00:54 - 00156230 _____ () C:\windows\system32\perfc015.dat 2014-05-15 08:33 - 2009-07-14 07:13 - 01670590 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-15 08:29 - 2013-05-20 06:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:28 - 2012-04-02 17:45 - 00524664 _____ () C:\windows\system32\fastboot.set 2014-05-15 08:27 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-15 08:26 - 2014-05-07 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-15 08:09 - 2013-07-23 07:24 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 08:08 - 2013-07-02 21:06 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 00:10 - 2013-03-05 23:06 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-09 08:14 - 2014-05-14 08:19 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 08:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe 2014-05-06 06:40 - 2014-05-15 08:10 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 08:10 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 08:10 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 08:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-04-17 00:08 - 2014-04-17 00:08 - 00004129 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-17 00:08 - 2014-04-17 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-17 00:08 - 2014-02-26 22:55 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-17 00:08 - 2013-10-29 02:00 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-17 00:07 - 2014-04-17 00:07 - 00921512 _____ (Oracle Corporation) C:\Users\Marcin\Downloads\chromeinstall-7u55 (1).exe 2014-04-17 00:07 - 2014-04-17 00:06 - 00921512 _____ (Oracle Corporation) C:\Users\Marcin\Downloads\chromeinstall-7u55.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 08:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 09:42 ==================== End Of Log ============================

**Posty:** 2183 · przez **NieWiem** 17 Maj 2014, 20:14

Pobierz AdwCleaner.
Uruchom i wciśnij Scan.
Kiedy skończy wciśnij Clean i zgodź się na restart.
Wyświetlony po restarcie raport załącz.

Pobierz Junkware Removal Tool.
Uruchom i poczekaj cierpliwie.
Uwaga: na czas pracy programu należy wyłączyć programy z rezydentną ochroną (AV, AS), ponieważ "ubijają" one składniki JRT.
Po ukończeniu pojawi się raport - załącz go w odpowiedzi.

**Posty:** 32 · przez **Stopek1985** 18 Maj 2014, 11:07

AdwCleaner

Kod: Zaznacz wszystko: # AdwCleaner v3.208 - Log utworzony 18/05/2014 o 11:04:39 # Aktualizacja 11/05/2014 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : Marcin - MARCIN-KOMPUTER # Ścieżka : C:\Users\Marcin\Desktop\Emergency\adwcleaner_3.208.exe # Opcja : Usuń ***** [ Usługi ] ***** ***** [ Pliki / Foldery ] ***** Folder Usunięto : C:\ProgramData\WPM Folder Usunięto : C:\ProgramData\sAffeweB Folder Usunięto : C:\ProgramData\YoutubeAdblocker Folder Usunięto : C:\Program Files (x86)\sAffeweB Folder Usunięto : C:\Program Files (x86)\YoutubeAdblocker Folder Usunięto : C:\Users\Administrator\AppData\Local\torch Folder Usunięto : C:\Users\Gość\AppData\Local\torch Folder Usunięto : C:\Users\HomeGroupUser$\AppData\Local\torch Folder Usunięto : C:\Users\Marcin\AppData\Local\torch Folder Usunięto : C:\Users\Marcin\AppData\Roaming\OpenCandy Folder Usunięto : C:\Users\Marcin\AppData\Roaming\SkypEmoticons Folder Usunięto : C:\Users\Marcin\AppData\Roaming\sweet-page Folder Usunięto : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpeahdbbefbpkcijefmfjmfglbmnhbk Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpeahdbbefbpkcijefmfjmfglbmnhbk Folder Usunięto : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpeahdbbefbpkcijefmfjmfglbmnhbk Folder Usunięto : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgicefpmenkfdncnajomnadnlljhnenc Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgicefpmenkfdncnajomnadnlljhnenc Folder Usunięto : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgicefpmenkfdncnajomnadnlljhnenc Plik Usunięto : C:\Users\Marcin\AppData\Roaming\LiveSupport.exe_log.txt Plik Usunięto : C:\Users\Marcin\AppData\Roaming\regsvr32.exe_log.txt ***** [ Skróty ] ***** Skrót Wyleczono : C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Skrót Wyleczono : C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Skrót Wyleczono : C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Skrót Wyleczono : C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ***** [ Rejestr ] ***** Klucz Usunięto : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1820851148 Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Klucz Usunięto : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Klucz Usunięto : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Klucz Usunięto : HKLM\Software\supWPM Klucz Usunięto : HKLM\Software\sweet-pageSoftware Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v11.0.9600.17041 Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [3451 octets] - [14/10/2013 21:38:26] AdwCleaner[R1].txt - [2571 octets] - [26/02/2014 23:31:03] AdwCleaner[R2].txt - [910 octets] - [27/02/2014 00:36:18] AdwCleaner[R3].txt - [7009 octets] - [18/05/2014 11:03:32] AdwCleaner[S0].txt - [3346 octets] - [14/10/2013 21:39:24] AdwCleaner[S1].txt - [2386 octets] - [26/02/2014 23:31:54] AdwCleaner[S2].txt - [967 octets] - [27/02/2014 00:37:09] AdwCleaner[S3].txt - [4955 octets] - [18/05/2014 11:04:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [5015 octets] ##########

Dodano Dzisiaj, 10:28:
JRT:

Kod: Zaznacz wszystko: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Marcin on 2014-05-18 at 11:17:01,95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 2014-05-18 at 11:22:52,33 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JRT musiałem powtórzyć bo zamknąłem raport przez przypadek...

**Posty:** 2183 · przez **NieWiem** 18 Maj 2014, 12:21

No i dzięki temu nie wiem, co program robił...

Wygeneruj nowe raporty z FRST. Mają być zaznaczone opcje Shortcut i Addition, więc dostaniesz w sumie 3 pliki.

**Posty:** 32 · przez **Stopek1985** 19 Maj 2014, 00:24

Kod: Zaznacz wszystko: Users shortcut scan result (x64) Version: 17-05-2014 Ran by Marcin at 2014-05-19 00:23:06 Running from C:\Users\Marcin\Desktop\Emergency Boot Mode: Normal ==================== Shortcuts ============================= Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1045-7B44-AB0000000001}\SC_Reader.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk -> C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polski VAG 2.5\Deinstalacja programu Polski VAG 2.5.lnk -> C:\Program Files (x86)\Polski VAG 2.5\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polski VAG 2.5\Instrukcja instalacji sterownika.lnk -> C:\Program Files (x86)\Polski VAG 2.5\pdf\Instalacja sterownika USB.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polski VAG 2.5\Kody usterek VAG.lnk -> C:\Program Files (x86)\Polski VAG 2.5\pdf\Kody usterek VAG.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polski VAG 2.5\Lokalizacja Złącz.lnk -> C:\Program Files (x86)\Polski VAG 2.5\pdf\Lokalizacja złącz.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polski VAG 2.5\Menedżer urządzeń windows.lnk -> C:\Windows\System32\devmgmt.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polski VAG 2.5\Polski VAG 2.5.lnk -> C:\Program Files (x86)\Polski VAG 2.5\VAG2.5.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polski VAG 2.5\Strona WWW programu Polski VAG 2.5.lnk -> C:\Program Files (x86)\Polski VAG 2.5\abc\producent.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe (NVIDIA) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo EE Boot Optimizer.lnk -> C:\Program Files (x86)\Lenovo\Boot Optimizer\fbset.exe (Lenovo ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo VeriFace 4.0.lnk -> C:\Program Files (x86)\Lenovo\VeriFace\VeriFace.exe (Lenovo) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Podręcznik użytkownika.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\YouCam\CyberLink YouCam.lnk -> C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation\Intel(R) Wireless Display\Intel(R) Wireless Display.lnk -> C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Intel.sav\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation) Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation) Shortcut: C:\Users\Default\Desktop\Cyberlink Power2Go.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe (Cyberlink) Shortcut: C:\Users\Default\Desktop\OneKey Recovery.lnk -> C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (CyberLink) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Plik Readme.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Language\Plk\Readme.htm () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Pomoc online dla Power2Go.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Language\Plk\Power2Go.chm () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe (Cyberlink) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe (Cyberlink) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\OneKey Recovery\OneKey Recovery.lnk -> C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (CyberLink) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\Links\Desktop.lnk -> C:\Users\Marcin\Desktop () Shortcut: C:\Users\Marcin\Links\Downloads.lnk -> C:\Users\Marcin\Downloads () Shortcut: C:\Users\Marcin\Desktop\Cyberlink Power2Go.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe (Cyberlink) Shortcut: C:\Users\Marcin\Desktop\MioMore Desktop 7.50.lnk -> C:\Program Files (x86)\Mio\MioMore Desktop 7.50\MioMore.exe (MiTAC International Corporation) Shortcut: C:\Users\Marcin\Desktop\OneKey Recovery.lnk -> C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (CyberLink) Shortcut: C:\Users\Marcin\Desktop\OpenFM.lnk -> C:\Users\Marcin\AppData\Local\OpenFM\Application\openfm.exe (Mozilla Foundation) Shortcut: C:\Users\Marcin\Desktop\Polski VAG 2.5.lnk -> C:\Program Files (x86)\Polski VAG 2.5\VAG2.5.exe () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk -> C:\Users\Marcin\AppData\Local\OpenFM\Application\openfm.exe (Mozilla Foundation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mio\MioMore Desktop 7.50.lnk -> C:\Program Files (x86)\Mio\MioMore Desktop 7.50\MioMore.exe (MiTAC International Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Plik Readme.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Language\Plk\Readme.htm () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Pomoc online dla Power2Go.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Language\Plk\Power2Go.chm () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe (Cyberlink) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe (Cyberlink) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\OneKey Recovery\OneKey Recovery.lnk -> C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (CyberLink) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk -> C:\Program Files (x86)\Lenovo\Energy Management\Pol.chm () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk -> C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Polski VAG 2.5.lnk -> C:\Program Files (x86)\Polski VAG 2.5\VAG2.5.exe () Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\openfm.lnk -> C:\Users\Marcin\AppData\Local\OpenFM\Application\openfm.exe (Mozilla Foundation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\Users\Marcin\AppData\Local\OpenFM\Application\openfm.lnk -> C:\Users\Marcin\AppData\Local\OpenFM\Application\openfm.exe (Mozilla Foundation) Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) Shortcut: C:\Users\Public\Desktop\CyberLink YouCam.lnk -> C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) Shortcut: C:\Users\Public\Desktop\Intel(R) Wireless Display.lnk -> C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (Intel Corporation) Shortcut: C:\Users\Public\Desktop\Lenovo EE Boot Optimizer.lnk -> C:\Program Files (x86)\Lenovo\Boot Optimizer\fbset.exe (Lenovo ) Shortcut: C:\Users\Public\Desktop\Lenovo VeriFace 4.0.lnk -> C:\Program Files (x86)\Lenovo\VeriFace\VeriFace.exe (Lenovo) Shortcut: C:\Users\Public\Desktop\Podręcznik użytkownika.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo) Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\YouCam\CyberLink YouCam Mirror.lnk -> C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) -> /m ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Advanced Statistics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Advanced Statistics ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Event Viewer.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Wireless Event Viewer ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Manual Diagnostics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Wireless Diagnostics ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Rejestracja Online.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:PLK ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Marcin\Links\GG dysk.lnk -> C:\Users\Marcin\GG dysk () -> --ggiconindex=-201 --ggiconpath=C:\Users\Marcin\AppData\Local\GG\Application\ggdrive\ggdrive-resources.dll ShortcutWithArgument: C:\Users\Marcin\Favorites\GG dysk.lnk -> C:\Users\Marcin\GG dysk () -> --ggiconindex=-201 --ggiconpath=C:\Users\Marcin\AppData\Local\GG\Application\ggdrive\ggdrive-resources.dll ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Power2Go\Rejestracja Online.lnk -> C:\Program Files (x86)\Lenovo\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:PLK ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Onekey Theater\Uruchom OneKey Theater.Lnk -> C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) -> -start ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Onekey Theater\Zakończ OneKey Theater.Lnk -> C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) -> -stop ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner InternetURL: C:\Users\Default\Favorites\Poketalk with Lenovo.url -> hxxp://www.poketalk.com/lenovo.html InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo Support.url -> hxxp://consumersupport.lenovo.com/ InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo.url -> hxxp://www.lenovo.com/ InternetURL: C:\Users\Default\Desktop\Lenovo Telephony Start Now.url -> hxxp://www.poketalk.com/lenovo.html InternetURL: C:\Users\Marcin\Favorites\Poketalk with Lenovo.url -> hxxp://www.poketalk.com/lenovo.html InternetURL: C:\Users\Marcin\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> hxxp://go.microsoft.com/fwlink/?LinkId=142211 InternetURL: C:\Users\Marcin\Favorites\Links for Polska\Bezpieczny Internet.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129626 InternetURL: C:\Users\Marcin\Favorites\Links for Polska\Kultura.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129625 InternetURL: C:\Users\Marcin\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129624 InternetURL: C:\Users\Marcin\Favorites\Links for Polska\Polska.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129622 InternetURL: C:\Users\Marcin\Favorites\Links\Galeria obiektów Web Slice.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Marcin\Favorites\Links\Sugerowane witryny.url -> https://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Marcin\Favorites\Lenovo\Lenovo Support.url -> hxxp://consumersupport.lenovo.com/ InternetURL: C:\Users\Marcin\Favorites\Lenovo\Lenovo.url -> hxxp://www.lenovo.com/ InternetURL: C:\Users\Marcin\Desktop\Lenovo Telephony Start Now.url -> hxxp://www.poketalk.com/lenovo.html ==================== End of log =============================

Dodano Dzisiaj, 23:24:

Kod: Zaznacz wszystko: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by Marcin at 2014-05-19 00:22:42 Running from C:\Users\Marcin\Desktop\Emergency Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Aktualizacje NVIDIA 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo) Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0109.128 - Mio Technology) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Sterownik graficzny 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation) NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo) Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden OpenFM (HKCU\...\OpenFM) (Version: 2 - GG Network S.A.) Oprogramowanie Intel® PROSet/Wireless (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Panel sterowania NVIDIA 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podręcznik użytkownika (x32 Version: 1.0.0.6 - Lenovo) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polski VAG 2.5 (HKLM-x32\...\Polski VAG 2.5_is1) (Version: 2.502 - www.obd2.pl) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 21-04-2014 20:38:35 Windows Update 25-04-2014 22:48:57 Windows Update 29-04-2014 05:56:27 Windows Update 02-05-2014 15:33:26 Windows Update 04-05-2014 20:00:59 Windows Update 07-05-2014 21:20:23 Windows Update 11-05-2014 07:26:25 Windows Update 15-05-2014 06:07:24 Windows Update 18-05-2014 08:10:54 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0BAA7C78-AD1B-42DA-8C61-20FDDFE6292E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {3D488271-4A5C-494F-A3F2-CD596CEDFC73} - \DSite No Task File <==== ATTENTION Task: {62BEEC27-B092-4751-8B3C-FFB62B442D9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.) Task: {6B839703-72D7-4EF7-BC4D-611CB9BA7A11} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION Task: {731BA4A3-3781-4C6C-89A5-22F9A4B6FFD2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.) Task: {931415A6-B615-4762-AA56-4755D0633E10} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {A58BC6EE-EAD0-48CC-A0C6-45BD3CC31057} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {A667B78F-F75F-40B6-8F5A-5BAE2D77D001} - System32\Tasks\Google Updater and Installer => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe Task: {E9202DA9-BE20-425E-A34D-99648272597B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core.job => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA.job => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-11 12:42 - 2010-11-11 12:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2010-11-11 12:44 - 2010-11-11 12:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll 2008-12-20 05:20 - 2012-04-02 17:58 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-04-02 17:47 - 2012-04-02 17:47 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2011-04-14 05:01 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-02-15 14:26 - 2011-02-15 14:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll 2012-04-02 17:44 - 2012-04-02 17:44 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll 2008-12-20 05:20 - 2012-04-02 17:58 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2010-11-11 12:38 - 2010-11-11 12:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2010-11-11 12:39 - 2010-11-11 12:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2012-04-02 17:44 - 2012-04-02 17:44 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:A9662AE0 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AVGIDSAgent => 2 MSCONFIG\Services: avgwd => 2 MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY ==================== Faulty Device Manager Devices ============= Name: NVIDIA GeForce GT 630M Description: NVIDIA GeForce GT 630M Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: nvlddmkm Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (05/18/2014 00:04:55 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-09-23 21:36:08.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.147 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.138 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:39:08.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:39:08.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:38:45.277 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.455 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.408 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.330 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8106.14 MB Available physical RAM: 5727.92 MB Total Pagefile: 16210.46 MB Available Pagefile: 13762.43 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:654.69 GB) (Free:607.34 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:11.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 97F404AB) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ==================== End Of Log ============================

Dodano Dzisiaj, 23:25:

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Marcin (administrator) on MARCIN-KOMPUTER on 19-05-2014 00:22:12 Running from C:\Users\Marcin\Desktop\Emergency Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Facebook Inc.) C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-02] (Lenovo) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-02] (Lenovo) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-02] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-02] (Lenovo) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Facebook Update] => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-28] (Facebook Inc.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) ==================== Services (Whitelisted) ================= S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerServic; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SoftwareService; S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] U2 Stereo Service; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 11:22 - 2014-05-18 11:22 - 00000626 _____ () C:\Users\Marcin\Desktop\JRT.txt 2014-05-18 11:08 - 2014-05-18 11:08 - 00000000 ____D () C:\windows\ERUNT 2014-05-18 11:05 - 2014-05-18 11:05 - 00290024 _____ () C:\windows\system32\FNTCACHE.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00060824 _____ () C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00000964 _____ () C:\windows\PFRO.log 2014-05-18 11:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-05-17 15:47 - 2014-05-18 12:04 - 00000392 _____ () C:\windows\setupact.log 2014-05-17 15:47 - 2014-05-17 15:47 - 00000000 _____ () C:\windows\setuperr.log 2014-05-17 12:51 - 2014-05-17 12:51 - 00029883 _____ () C:\Users\Marcin\Downloads\Addition.txt 2014-05-17 12:50 - 2014-05-19 00:22 - 00000000 ____D () C:\FRST 2014-05-17 12:50 - 2014-05-17 12:51 - 00030295 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-15 08:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-15 08:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-15 08:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-15 08:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-14 08:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-14 08:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-14 08:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-05-14 08:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-05-14 08:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-05-14 08:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-05-14 08:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-05-14 08:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-05-14 08:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-07 23:20 - 2014-05-15 08:26 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe ==================== One Month Modified Files and Folders ======= 2014-05-19 00:22 - 2014-05-17 12:50 - 00000000 ____D () C:\FRST 2014-05-19 00:22 - 2014-02-26 23:43 - 00000000 ___RD () C:\Users\Marcin\Desktop\Emergency 2014-05-19 00:18 - 2014-03-01 11:02 - 01733630 _____ () C:\windows\WindowsUpdate.log 2014-05-19 00:18 - 2013-09-26 19:33 - 00004016 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BD51B57B-4247-45FC-836F-86288680033C} 2014-05-19 00:18 - 2013-07-28 16:12 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA.job 2014-05-19 00:18 - 2013-07-28 16:12 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core.job 2014-05-19 00:18 - 2013-03-05 23:06 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-19 00:18 - 2012-04-02 17:44 - 01679642 _____ () C:\FaceProv.log 2014-05-19 00:18 - 2012-04-02 17:44 - 00000000 ____D () C:\ProgramData\VeriFace 2014-05-18 12:04 - 2014-05-17 15:47 - 00000392 _____ () C:\windows\setupact.log 2014-05-18 11:22 - 2014-05-18 11:22 - 00000626 _____ () C:\Users\Marcin\Desktop\JRT.txt 2014-05-18 11:12 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-18 11:12 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-18 11:10 - 2012-04-03 00:54 - 00740688 _____ () C:\windows\system32\perfh015.dat 2014-05-18 11:10 - 2012-04-03 00:54 - 00156230 _____ () C:\windows\system32\perfc015.dat 2014-05-18 11:10 - 2009-07-14 07:13 - 01670590 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-18 11:08 - 2014-05-18 11:08 - 00000000 ____D () C:\windows\ERUNT 2014-05-18 11:05 - 2014-05-18 11:05 - 00290024 _____ () C:\windows\system32\FNTCACHE.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00060824 _____ () C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00000964 _____ () C:\windows\PFRO.log 2014-05-18 11:05 - 2012-04-02 17:45 - 00524672 _____ () C:\windows\system32\fastboot.set 2014-05-18 11:05 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-18 11:04 - 2013-10-14 21:38 - 00000000 ____D () C:\AdwCleaner 2014-05-18 11:04 - 2013-02-22 23:17 - 00000999 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-17 15:47 - 2014-05-17 15:47 - 00000000 _____ () C:\windows\setuperr.log 2014-05-17 12:51 - 2014-05-17 12:51 - 00029883 _____ () C:\Users\Marcin\Downloads\Addition.txt 2014-05-17 12:51 - 2014-05-17 12:50 - 00030295 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-17 08:03 - 2013-03-03 18:00 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\Skype 2014-05-16 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-05-16 09:13 - 2012-04-02 17:54 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-15 08:29 - 2013-05-20 06:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:26 - 2014-05-07 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-15 08:09 - 2013-07-23 07:24 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 08:08 - 2013-07-02 21:06 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 00:10 - 2013-03-05 23:06 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-09 08:14 - 2014-05-14 08:19 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 08:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe 2014-05-06 06:40 - 2014-05-15 08:10 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 08:10 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 08:10 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 08:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\Marcin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 08:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 09:42 ==================== End Of Log ============================

Dodano Dzisiaj, 23:25:
Zrobione

**Posty:** 2183 · przez **NieWiem** 19 Maj 2014, 10:06

Jakie masz aktualne objawy?
Dzieje się coś niezwykłego?

Widzę tylko odpadki do usunięcia, ale chcę się upewnić że nie ma żadnych głównych objawów

**Posty:** 32 · przez **Stopek1985** 19 Maj 2014, 16:47

Witaj,

Problem ze stroną startową w IE rozwiązany... nie mam już wymuszonej www.sweet-page.com, w Chrome także nie wyskakuje "Polizia"

)
Co do zrywania połączenia z Internetem to testuję... ale jak na razie jest OK.

Pozdrawiam
Marcin Stopa

**Posty:** 2183 · przez **NieWiem** 19 Maj 2014, 19:39

Bombowo

To teraz usuniemy te odpadki

Pobierz załączony plik i umieść go obok FRST.

fixlist.txt: (424 Bajty) Ściągnięto 89 razy

Uruchom FRST jako administrator i wciśnij tym razem FIX.
Poczekaj aż ukończy zadanie.

Następnie poproszę raport z usuwania (fixlog.txt) i nowy raport z FRST z opcji Scan.

**Posty:** 32 · przez **Stopek1985** 20 Maj 2014, 08:06

Kod: Zaznacz wszystko: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014 Ran by Marcin at 2014-05-20 08:05:42 Run:1 Running from C:\Users\Marcin\Desktop\Emergency Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Policies\Explorer: [NoControlPanel] 0 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerServic; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SoftwareService; U2 Stereo Service; ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. CLKMSVC10_3A60B698 => Service deleted successfully. CLKMSVC10_C3B3B687 => Service deleted successfully. DriverService => Service deleted successfully. IAStorDataMgrSvc => Service deleted successfully. idealife Update Service => Service deleted successfully. IGRS => Service deleted successfully. IviRegMgr => Service deleted successfully. Oasis2Service => Service deleted successfully. PCCarerServic => Service deleted successfully. ReadyComm.DirectRouter => Service deleted successfully. RichVideo => Service deleted successfully. RtLedService => Service deleted successfully. SoftwareService => Service deleted successfully. Stereo Service => Service deleted successfully. ==== End of Fixlog ====

Dodano Dzisiaj, 07:10:

Kod: Zaznacz wszystko: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014 Ran by Marcin at 2014-05-20 08:05:42 Run:1 Running from C:\Users\Marcin\Desktop\Emergency Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Policies\Explorer: [NoControlPanel] 0 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerServic; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SoftwareService; U2 Stereo Service; ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. CLKMSVC10_3A60B698 => Service deleted successfully. CLKMSVC10_C3B3B687 => Service deleted successfully. DriverService => Service deleted successfully. IAStorDataMgrSvc => Service deleted successfully. idealife Update Service => Service deleted successfully. IGRS => Service deleted successfully. IviRegMgr => Service deleted successfully. Oasis2Service => Service deleted successfully. PCCarerServic => Service deleted successfully. ReadyComm.DirectRouter => Service deleted successfully. RichVideo => Service deleted successfully. RtLedService => Service deleted successfully. SoftwareService => Service deleted successfully. Stereo Service => Service deleted successfully. ==== End of Fixlog ====

**Posty:** 2183 · przez **NieWiem** 20 Maj 2014, 08:42

Wkleiłeś dwa razy raport z usuwania, a potrzebuję nowy z FRST jeszcze

**Posty:** 32 · przez **Stopek1985** 20 Maj 2014, 21:19

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Marcin (administrator) on MARCIN-KOMPUTER on 20-05-2014 21:20:39 Running from C:\Users\Marcin\Desktop\Emergency Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\calc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-02] (Lenovo) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-02] (Lenovo) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-02] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-02] (Lenovo) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Facebook Update] => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-28] (Facebook Inc.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) Chrome: ======= CHR Extension: (Dokumenty Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-19] CHR Extension: (Dysk Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-19] CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19] CHR Extension: (Szukaj w Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-19] CHR Extension: (Google Wallet) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19] CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-19] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-19 16:42 - 2014-05-19 16:42 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-19 16:42 - 2014-05-19 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-19 16:41 - 2014-05-20 21:14 - 00001048 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-19 16:41 - 2014-05-20 17:29 - 00001044 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-19 16:41 - 2014-05-19 16:41 - 00004044 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-19 16:41 - 2014-05-19 16:41 - 00003792 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-18 11:22 - 2014-05-18 11:22 - 00000626 _____ () C:\Users\Marcin\Desktop\JRT.txt 2014-05-18 11:08 - 2014-05-18 11:08 - 00000000 ____D () C:\windows\ERUNT 2014-05-18 11:05 - 2014-05-18 11:05 - 00290024 _____ () C:\windows\system32\FNTCACHE.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00060824 _____ () C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00000964 _____ () C:\windows\PFRO.log 2014-05-18 11:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-05-17 15:47 - 2014-05-19 22:04 - 00000672 _____ () C:\windows\setupact.log 2014-05-17 15:47 - 2014-05-17 15:47 - 00000000 _____ () C:\windows\setuperr.log 2014-05-17 12:51 - 2014-05-17 12:51 - 00029883 _____ () C:\Users\Marcin\Downloads\Addition.txt 2014-05-17 12:50 - 2014-05-20 21:20 - 00000000 ____D () C:\FRST 2014-05-17 12:50 - 2014-05-17 12:51 - 00030295 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-15 08:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-15 08:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-15 08:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-15 08:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-14 08:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-14 08:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-14 08:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-05-14 08:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-05-14 08:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-05-14 08:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-05-14 08:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-05-14 08:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-05-14 08:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-07 23:20 - 2014-05-15 08:26 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe ==================== One Month Modified Files and Folders ======= 2014-05-20 21:20 - 2014-05-17 12:50 - 00000000 ____D () C:\FRST 2014-05-20 21:20 - 2014-02-26 23:43 - 00000000 ___RD () C:\Users\Marcin\Desktop\Emergency 2014-05-20 21:14 - 2014-05-19 16:41 - 00001048 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-20 21:14 - 2013-07-28 16:12 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA.job 2014-05-20 21:14 - 2013-03-05 23:06 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-20 21:14 - 2012-04-02 17:44 - 01684061 _____ () C:\FaceProv.log 2014-05-20 21:14 - 2012-04-02 17:44 - 00000000 ____D () C:\ProgramData\VeriFace 2014-05-20 18:41 - 2014-03-01 11:02 - 01798738 _____ () C:\windows\WindowsUpdate.log 2014-05-20 17:40 - 2013-07-28 16:12 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core.job 2014-05-20 17:29 - 2014-05-19 16:41 - 00001044 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-20 07:41 - 2013-09-26 19:33 - 00004016 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BD51B57B-4247-45FC-836F-86288680033C} 2014-05-19 22:04 - 2014-05-17 15:47 - 00000672 _____ () C:\windows\setupact.log 2014-05-19 16:42 - 2014-05-19 16:42 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-19 16:42 - 2014-05-19 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-19 16:41 - 2014-05-19 16:41 - 00004044 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-19 16:41 - 2014-05-19 16:41 - 00003792 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-19 16:41 - 2014-04-04 23:02 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Deployment 2014-05-19 16:41 - 2012-04-02 17:54 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-19 16:38 - 2013-03-03 18:00 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\Skype 2014-05-18 11:22 - 2014-05-18 11:22 - 00000626 _____ () C:\Users\Marcin\Desktop\JRT.txt 2014-05-18 11:12 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-18 11:12 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-18 11:10 - 2012-04-03 00:54 - 00740688 _____ () C:\windows\system32\perfh015.dat 2014-05-18 11:10 - 2012-04-03 00:54 - 00156230 _____ () C:\windows\system32\perfc015.dat 2014-05-18 11:10 - 2009-07-14 07:13 - 01670590 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-18 11:08 - 2014-05-18 11:08 - 00000000 ____D () C:\windows\ERUNT 2014-05-18 11:05 - 2014-05-18 11:05 - 00290024 _____ () C:\windows\system32\FNTCACHE.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00060824 _____ () C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00000964 _____ () C:\windows\PFRO.log 2014-05-18 11:05 - 2012-04-02 17:45 - 00524672 _____ () C:\windows\system32\fastboot.set 2014-05-18 11:05 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-18 11:04 - 2013-10-14 21:38 - 00000000 ____D () C:\AdwCleaner 2014-05-18 11:04 - 2013-02-22 23:17 - 00000999 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-17 15:47 - 2014-05-17 15:47 - 00000000 _____ () C:\windows\setuperr.log 2014-05-17 12:51 - 2014-05-17 12:51 - 00029883 _____ () C:\Users\Marcin\Downloads\Addition.txt 2014-05-17 12:51 - 2014-05-17 12:50 - 00030295 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-16 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-05-15 08:29 - 2013-05-20 06:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:26 - 2014-05-07 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-15 08:09 - 2013-07-23 07:24 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 08:08 - 2013-07-02 21:06 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 00:10 - 2013-03-05 23:06 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-09 08:14 - 2014-05-14 08:19 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 08:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe 2014-05-06 06:40 - 2014-05-15 08:10 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 08:10 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 08:10 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 08:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\Marcin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 08:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 18:18 ==================== End Of Log ============================

**Posty:** 2183 · przez **NieWiem** 21 Maj 2014, 08:28

Nie wiem, co instalowałeś w międzyczasie, ale pojawiły się wpisy których wcześniej nie było.

Pobierz załączony plik i umieść go obok FRST.

fixlist.txt: (328 Bajty) Ściągnięto 71 razy

Uruchom FRST jako administrator i wciśnij tym razem FIX.
Poczekaj aż ukończy zadanie.

Następnie poproszę raport z usuwania (fixlog.txt) i nowy raport z FRST z opcji Scan.

**Posty:** 32 · przez **Stopek1985** 22 Maj 2014, 18:08

Hmmm nic nie instalowałem właśnie....

Kod: Zaznacz wszystko: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014 Ran by Marcin at 2014-05-22 18:07:09 Run:2 Running from C:\Users\Marcin\Desktop\Emergency Boot Mode: Normal ============================================== Content of fixlist: ***************** StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ***************** HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Policies\Google => Key deleted successfully. ==== End of Fixlog ====

Dodano Dzisiaj, 17:09:

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Marcin (administrator) on MARCIN-KOMPUTER on 22-05-2014 18:08:27 Running from C:\Users\Marcin\Desktop\Emergency Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-02] (Lenovo) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-02] (Lenovo) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-02] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-02] (Lenovo) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Facebook Update] => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-28] (Facebook Inc.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2631643345-423519317-2816179767-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) Chrome: ======= CHR Extension: (Dokumenty Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-19] CHR Extension: (Dysk Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-19] CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19] CHR Extension: (Szukaj w Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-19] CHR Extension: (Google Wallet) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19] CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-19] ==================== Services (Whitelisted) ================= S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] U3 awrdrpoc; \??\C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-22 18:06 - 2014-05-22 18:06 - 00000328 _____ () C:\Users\Marcin\Downloads\fixlist (2).txt 2014-05-22 18:06 - 2014-05-22 18:06 - 00000328 _____ () C:\Users\Marcin\Downloads\fixlist (1).txt 2014-05-19 16:42 - 2014-05-19 16:42 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-19 16:42 - 2014-05-19 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-19 16:41 - 2014-05-22 17:46 - 00001048 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-19 16:41 - 2014-05-22 16:46 - 00001044 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-19 16:41 - 2014-05-19 16:41 - 00004044 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-19 16:41 - 2014-05-19 16:41 - 00003792 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-18 11:22 - 2014-05-18 11:22 - 00000626 _____ () C:\Users\Marcin\Desktop\JRT.txt 2014-05-18 11:08 - 2014-05-18 11:08 - 00000000 ____D () C:\windows\ERUNT 2014-05-18 11:05 - 2014-05-18 11:05 - 00290024 _____ () C:\windows\system32\FNTCACHE.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00060824 _____ () C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00000964 _____ () C:\windows\PFRO.log 2014-05-18 11:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-05-17 15:47 - 2014-05-21 07:37 - 00000840 _____ () C:\windows\setupact.log 2014-05-17 15:47 - 2014-05-17 15:47 - 00000000 _____ () C:\windows\setuperr.log 2014-05-17 12:51 - 2014-05-17 12:51 - 00029883 _____ () C:\Users\Marcin\Downloads\Addition.txt 2014-05-17 12:50 - 2014-05-22 18:08 - 00000000 ____D () C:\FRST 2014-05-17 12:50 - 2014-05-17 12:51 - 00030295 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-15 08:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-15 08:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-15 08:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-15 08:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-15 08:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-14 08:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-14 08:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-14 08:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-05-14 08:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-05-14 08:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-05-14 08:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-05-14 08:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-05-14 08:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-05-14 08:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-05-14 08:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-05-14 08:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll 2014-05-14 08:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-05-14 08:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-07 23:20 - 2014-05-15 08:26 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-06 22:08 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe ==================== One Month Modified Files and Folders ======= 2014-05-22 18:08 - 2014-05-17 12:50 - 00000000 ____D () C:\FRST 2014-05-22 18:08 - 2014-02-26 23:43 - 00000000 ___RD () C:\Users\Marcin\Desktop\Emergency 2014-05-22 18:06 - 2014-05-22 18:06 - 00000328 _____ () C:\Users\Marcin\Downloads\fixlist (2).txt 2014-05-22 18:06 - 2014-05-22 18:06 - 00000328 _____ () C:\Users\Marcin\Downloads\fixlist (1).txt 2014-05-22 17:46 - 2014-05-19 16:41 - 00001048 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-22 17:10 - 2013-03-05 23:06 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-22 16:46 - 2014-05-19 16:41 - 00001044 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-22 16:17 - 2013-07-28 16:12 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002UA.job 2014-05-22 16:17 - 2013-07-28 16:12 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2631643345-423519317-2816179767-1002Core.job 2014-05-22 14:10 - 2014-03-01 11:02 - 01861323 _____ () C:\windows\WindowsUpdate.log 2014-05-22 08:07 - 2012-04-02 17:44 - 01690075 _____ () C:\FaceProv.log 2014-05-22 08:07 - 2012-04-02 17:44 - 00000000 ____D () C:\ProgramData\VeriFace 2014-05-21 19:13 - 2013-03-03 18:00 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\Skype 2014-05-21 18:07 - 2013-09-26 19:33 - 00004016 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BD51B57B-4247-45FC-836F-86288680033C} 2014-05-21 07:44 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-21 07:44 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-21 07:42 - 2012-04-03 00:54 - 00740688 _____ () C:\windows\system32\perfh015.dat 2014-05-21 07:42 - 2012-04-03 00:54 - 00156230 _____ () C:\windows\system32\perfc015.dat 2014-05-21 07:42 - 2009-07-14 07:13 - 01670590 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-21 07:41 - 2012-04-02 17:45 - 00542710 _____ () C:\windows\system32\fastboot.set 2014-05-21 07:37 - 2014-05-17 15:47 - 00000840 _____ () C:\windows\setupact.log 2014-05-21 07:37 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-19 16:42 - 2014-05-19 16:42 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-19 16:42 - 2014-05-19 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-19 16:41 - 2014-05-19 16:41 - 00004044 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-19 16:41 - 2014-05-19 16:41 - 00003792 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-19 16:41 - 2014-04-04 23:02 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Deployment 2014-05-19 16:41 - 2012-04-02 17:54 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-18 11:22 - 2014-05-18 11:22 - 00000626 _____ () C:\Users\Marcin\Desktop\JRT.txt 2014-05-18 11:08 - 2014-05-18 11:08 - 00000000 ____D () C:\windows\ERUNT 2014-05-18 11:05 - 2014-05-18 11:05 - 00290024 _____ () C:\windows\system32\FNTCACHE.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00060824 _____ () C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-18 11:05 - 2014-05-18 11:05 - 00000964 _____ () C:\windows\PFRO.log 2014-05-18 11:04 - 2013-10-14 21:38 - 00000000 ____D () C:\AdwCleaner 2014-05-18 11:04 - 2013-02-22 23:17 - 00000999 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-17 15:47 - 2014-05-17 15:47 - 00000000 _____ () C:\windows\setuperr.log 2014-05-17 12:51 - 2014-05-17 12:51 - 00029883 _____ () C:\Users\Marcin\Downloads\Addition.txt 2014-05-17 12:51 - 2014-05-17 12:50 - 00030295 _____ () C:\Users\Marcin\Downloads\FRST.txt 2014-05-16 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-05-15 08:29 - 2013-05-20 06:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:28 - 2013-02-22 23:17 - 00000000 ___RD () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:26 - 2014-05-07 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-15 08:09 - 2013-07-23 07:24 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 08:08 - 2013-07-02 21:06 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 00:10 - 2013-03-05 23:06 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 00:10 - 2013-03-05 23:06 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieUserList 2014-05-10 17:17 - 2014-05-10 17:17 - 00000000 __SHD () C:\Users\Marcin\AppData\Local\EmieSiteList 2014-05-09 08:14 - 2014-05-14 08:19 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 08:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\OpenFM 2014-05-07 08:19 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Macromedia 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\GG 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\OpenFM 2014-05-07 08:19 - 2014-05-06 22:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\GG 2014-05-06 22:08 - 2014-05-06 22:08 - 00001194 _____ () C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-05-06 22:08 - 2014-05-06 22:08 - 00001186 _____ () C:\Users\Marcin\Desktop\OpenFM.lnk 2014-05-06 22:07 - 2014-05-06 22:07 - 00399112 _____ () C:\Users\Marcin\Downloads\gg-install (1).exe 2014-05-06 06:40 - 2014-05-15 08:10 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 08:10 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 08:10 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 08:10 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 08:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\Marcin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 08:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 18:18 ==================== End Of Log ============================

**Posty:** 2183 · przez **NieWiem** 22 Maj 2014, 18:36

Pobierz i zainstaluj Malwarebytes' Anti-Malware.
Podczas instalacji odznacz opcję "free pro-version trial" czy jakoś tak.
Uaktualnij i przeprowadź skanowanie.
Załącz wynikowy raport.

**Posty:** 32 · przez **Stopek1985** 25 Maj 2014, 12:02

Kod: Zaznacz wszystko: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2014-05-25 Scan Time: 11:45:02 Logfile: malware.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.05.25.01 Rootkit Database: v2014.05.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Marcin Scan Type: Threat Scan Result: Completed Objects Scanned: 278997 Time Elapsed: 7 min, 52 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.Tarma.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\c82b4b5f-f2c7-45f5-b006-161f3983f549, , [ade8d67f0b7096a017c7133257a9ea16], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 5 PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{624E18D0-6F1A-4569-A782-2738B9AD3A26}\Custom.dll, , [fa9b3c19cab14de993689e9eaf51629e], PUP.Optional.Tarma.A, C:\ProgramData\InstallMate\{624E18D0-6F1A-4569-A782-2738B9AD3A26}\Setup.exe, , [ade8d67f0b7096a017c7133257a9ea16], PUP.Optional.Amonetize.A, C:\Users\Marcin\Downloads\install-flashplayer__4607_i543903177_il105.exe, , [eda82f26d8a38fa784d46ece768aa060], PUP.Optional.Installrex, C:\Users\Marcin\Downloads\Witch Girl.exe, , [c6cf154052297bbbe958dc8f38c95da3], PUP.Optional.OpenCandy, C:\Users\Marcin\Downloads\microsoft-silverlight-5.1.20913.0.exe, , [aee7b99c09725dd915b73545d62eab55], Physical Sectors: 0 (No malicious items detected) (end)

Dodano Dzisiaj, 11:03:
Cały czas mi ścina internet... strasznie irytująca historia

(

**Posty:** 2183 · przez **NieWiem** 26 Maj 2014, 09:01

Co znalazł MBAM - usunąć.

Pobierz MiniToolBox na pulpit.
Zamknij wszystkie przeglądarki!
Uruchom jako administrator.
Upewnij się, że wszystkie opcje są zaznaczone.
Wciśnij Go! i przeklej wynikowy raport.

**Posty:** 32 · przez **Stopek1985** 28 Maj 2014, 23:58

Kod: Zaznacz wszystko: MiniToolBox by Farbar Version: 23-01-2014 Ran by Marcin (administrator) on 28-05-2014 at 23:55:33 Running from "C:\Users\Marcin\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Konfiguracja IP systemu Windows Pomylnie opr˘ľniono pami©† podr©cznĄ programu rozpoznawania nazw DNS. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ Intel(R) Centrino(R) Wireless-N 1000 = Połączenie sieci bezprzewodowej (Connected) Urządzenie Bluetooth (sieć osobista) = Połączenie sieciowe Bluetooth (Media disconnected) Realtek PCIe FE Family Controller = Połączenie lokalne (Media disconnected) Microsoft Virtual WiFi Miniport Adapter = Połączenie sieci bezprzewodowej 4 (Media disconnected) Microsoft Virtual WiFi Miniport Adapter = Połączenie sieci bezprzewodowej 5 (Media disconnected) # ---------------------------------- # Konfiguracja IPv4 # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled add address name="PoĄczenie sieci bezprzewodowej 3" address=192.168.16.2 mask=255.255.255.0 popd # Koniec konfiguracji IPv4 Konfiguracja IP systemu Windows Nazwa hosta . . . . . . . . . . . : Marcin-Komputer Sufiks podstawowej domeny DNS . . : Typ w©za . . . . . . . . . . . . : Hybrydowy Routing IP wĄczony . . . . . . . : Nie Serwer WINS Proxy wĄczony. . . . : Nie Lista przeszukiwania sufiks˘w DNS : RT-G32 Karta bezprzewodowej sieci LAN PoĄczenie sieci bezprzewodowej 5: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #4 Adres fizyczny. . . . . . . . . . : 74-E5-0B-E3-09-5D DHCP wĄczone . . . . . . . . . . : Tak Autokonfiguracja wĄczona . . . . : Tak Karta bezprzewodowej sieci LAN PoĄczenie sieci bezprzewodowej 4: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3 Adres fizyczny. . . . . . . . . . : 74-E5-0B-E3-09-5D DHCP wĄczone . . . . . . . . . . : Tak Autokonfiguracja wĄczona . . . . : Tak Karta bezprzewodowej sieci LAN PoĄczenie sieci bezprzewodowej: Sufiks DNS konkretnego poĄczenia : RT-G32 Opis. . . . . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1000 Adres fizyczny. . . . . . . . . . : 74-E5-0B-E3-09-5C DHCP wĄczone . . . . . . . . . . : Tak Autokonfiguracja wĄczona . . . . : Tak Adres IPv6 poĄczenia lokalnego . : fe80::e475:3d5:133e:cf21%19(Preferowane) Adres IPv4. . . . . . . . . . . . . : 192.168.1.2(Preferowane) Maska podsieci. . . . . . . . . . : 255.255.255.0 Dzierľawa uzyskana. . . . . . . . : 28 maja 2014 07:46:33 Dzierľawa wygasa. . . . . . . . . : 29 maja 2014 17:23:56 Brama domylna. . . . . . . . . . : 192.168.1.1 Serwer DHCP . . . . . . . . . . . : 192.168.1.1 Identyfikator IAID DHCPv6 . . . . : 259319051 Identyfikator DUID klienta DHCPv6 : 00-01-00-01-17-0B-7C-41-F0-DE-F1-E4-04-3D Serwery DNS . . . . . . . . . . . : 192.168.1.1 NetBIOS przez Tcpip . . . . . . . : WĄczony Karta Ethernet PoĄczenie lokalne: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Realtek PCIe FE Family Controller Adres fizyczny. . . . . . . . . . : F0-DE-F1-E4-04-3D DHCP wĄczone . . . . . . . . . . : Tak Autokonfiguracja wĄczona . . . . : Tak Karta Ethernet PoĄczenie sieciowe Bluetooth: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : UrzĄdzenie Bluetooth (sie† osobista) Adres fizyczny. . . . . . . . . . : 64-27-37-89-D3-B8 DHCP wĄczone . . . . . . . . . . : Tak Autokonfiguracja wĄczona . . . . : Tak Karta tunelowa isatap.RT-G32: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : RT-G32 Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP wĄczone . . . . . . . . . . : Nie Autokonfiguracja wĄczona . . . . : Tak Karta tunelowa isatap.{54B1E279-D167-4444-A161-923AB4CCDBF2}: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #2 Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP wĄczone . . . . . . . . . . : Nie Autokonfiguracja wĄczona . . . . : Tak Karta tunelowa isatap.{341A968C-BAD8-45AA-8BAE-56000577FE7E}: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #3 Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP wĄczone . . . . . . . . . . : Nie Autokonfiguracja wĄczona . . . . : Tak Karta tunelowa isatap.{FFF3BD0F-977D-47D9-955C-A305BE017D97}: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #4 Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP wĄczone . . . . . . . . . . : Nie Autokonfiguracja wĄczona . . . . : Tak Karta tunelowa isatap.{88DB93B4-E176-493A-8626-AC67BF59467C}: Stan nonika . . . . . . . . . . .: Nonik odĄczony Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #5 Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP wĄczone . . . . . . . . . . : Nie Autokonfiguracja wĄczona . . . . : Tak Karta tunelowa Teredo Tunneling Pseudo-Interface: Sufiks DNS konkretnego poĄczenia : Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP wĄczone . . . . . . . . . . : Nie Autokonfiguracja wĄczona . . . . : Tak Adres IPv6. . . . . . . . . . . . : 2001:0:9d38:6abd:3c6c:1004:3f57:fefd(Preferowane) Adres IPv6 poĄczenia lokalnego . : fe80::3c6c:1004:3f57:fefd%17(Preferowane) Brama domylna. . . . . . . . . . : :: NetBIOS przez Tcpip . . . . . . . : WyĄczony Serwer: RT-G32 Address: 192.168.1.1 Nazwa: google.com Addresses: 2607:f8b0:400a:802::1009 46.28.247.93 46.28.247.118 46.28.247.99 46.28.247.84 46.28.247.104 46.28.247.98 46.28.247.113 46.28.247.114 46.28.247.88 46.28.247.123 46.28.247.109 46.28.247.119 46.28.247.103 46.28.247.108 46.28.247.89 46.28.247.94 Badanie google.com [46.28.247.94] z 32 bajtami danych: Odpowied« z 46.28.247.94: bajt˘w=32 czas=9ms TTL=55 Odpowied« z 46.28.247.94: bajt˘w=32 czas=10ms TTL=55 Statystyka badania ping dla 46.28.247.94: Pakiety: Wysane = 2, Odebrane = 2, Utracone = 0 (0% straty), Szacunkowy czas bĄdzenia pakiet˘w w millisekundach: Minimum = 9 ms, Maksimum = 10 ms, Czas redni = 9 ms Serwer: RT-G32 Address: 192.168.1.1 Nazwa: yahoo.com Addresses: 98.139.183.24 98.138.253.109 206.190.36.45 Badanie yahoo.com [206.190.36.45] z 32 bajtami danych: Odpowied« z 206.190.36.45: bajt˘w=32 czas=188ms TTL=46 Odpowied« z 206.190.36.45: bajt˘w=32 czas=195ms TTL=46 Statystyka badania ping dla 206.190.36.45: Pakiety: Wysane = 2, Odebrane = 2, Utracone = 0 (0% straty), Szacunkowy czas bĄdzenia pakiet˘w w millisekundach: Minimum = 188 ms, Maksimum = 195 ms, Czas redni = 191 ms Badanie 127.0.0.1 z 32 bajtami danych: Odpowied« z 127.0.0.1: bajt˘w=32 czas<1 ms TTL=128 Odpowied« z 127.0.0.1: bajt˘w=32 czas<1 ms TTL=128 Statystyka badania ping dla 127.0.0.1: Pakiety: Wysane = 2, Odebrane = 2, Utracone = 0 (0% straty), Szacunkowy czas bĄdzenia pakiet˘w w millisekundach: Minimum = 0 ms, Maksimum = 0 ms, Czas redni = 0 ms =========================================================================== Lista interfejs˘w 21...74 e5 0b e3 09 5d ......Microsoft Virtual WiFi Miniport Adapter #4 20...74 e5 0b e3 09 5d ......Microsoft Virtual WiFi Miniport Adapter #3 19...74 e5 0b e3 09 5c ......Intel(R) Centrino(R) Wireless-N 1000 13...f0 de f1 e4 04 3d ......Realtek PCIe FE Family Controller 11...64 27 37 89 d3 b8 ......UrzĄdzenie Bluetooth (sie† osobista) 1...........................Software Loopback Interface 1 22...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP 38...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP #2 39...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP #3 40...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP #4 41...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP #5 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== Tabela tras IPv4 =========================================================================== Aktywne trasy: Miejsce docelowe w sieci Maska sieci Brama Interfejs Metryka 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.2 281 192.168.1.2 255.255.255.255 On-link 192.168.1.2 281 192.168.1.255 255.255.255.255 On-link 192.168.1.2 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.2 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.2 281 =========================================================================== Trasy trwae: Brak Tabela tras IPv6 =========================================================================== Aktywne trasy: Jeli Metryka Miejsce docelowe w sieci Brama 17 58 ::/0 On-link 1 306 ::1/128 On-link 17 58 2001::/32 On-link 17 306 2001:0:9d38:6abd:3c6c:1004:3f57:fefd/128 On-link 19 281 fe80::/64 On-link 17 306 fe80::/64 On-link 17 306 fe80::3c6c:1004:3f57:fefd/128 On-link 19 281 fe80::e475:3d5:133e:cf21/128 On-link 1 306 ff00::/8 On-link 17 306 ff00::/8 On-link 19 281 ff00::/8 On-link =========================================================================== Trasy trwae: Brak ========================= Winsock entries ===================================== Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation) x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (05/28/2014 05:36:53 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: GoogleUpdate.exe, wersja: 1.3.21.103, sygnatura czasowa: 0x4f3c6d6c Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.18247, sygnatura czasowa: 0x521ea8e7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000223e0 Identyfikator procesu powodującego błąd: 0x11d8 Godzina uruchomienia aplikacji powodującej błąd: 0xGoogleUpdate.exe0 Ścieżka aplikacji powodującej błąd: GoogleUpdate.exe1 Ścieżka modułu powodującego błąd: GoogleUpdate.exe2 Identyfikator raportu: GoogleUpdate.exe3 Error: (05/28/2014 07:46:33 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 01:41:08 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2014 05:46:59 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/26/2014 11:43:41 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/25/2014 11:54:42 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2014 11:53:54 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/23/2014 11:49:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/23/2014 11:44:13 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/21/2014 07:37:43 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/20/2014 05:29:17 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/19/2014 04:37:56 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/18/2014 00:04:55 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (05/28/2014 05:36:53 PM) (Source: Application Error)(User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e011d801cf7a88dad4cd08C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\windows\SysWOW64\ntdll.dlle41cb8e1-e67d-11e3-9df2-64273789d3b8 Error: (05/28/2014 07:46:33 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 01:41:08 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2014 05:46:59 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/26/2014 11:43:41 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/25/2014 11:54:42 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2014 11:53:54 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/23/2014 11:49:41 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/23/2014 11:44:13 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/21/2014 07:37:43 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-09-23 21:36:08.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.147 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 21:36:08.138 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:39:08.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:39:08.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-23 20:38:45.277 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.455 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.408 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-09-17 21:43:39.330 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ Adobe Flash Player 13 ActiveX (Version: 13.0.0.214) Adobe Flash Player 13 Plugin (Version: 13.0.0.214) Adobe Reader XI (11.0.07) - Polish (Version: 11.0.07) Aktualizacje NVIDIA 11.10.13 (Version: 11.10.13) AVG 2014 (Version: 14.0.4158) CCleaner (Version: 4.11) D3DX10 (Version: 15.4.2368.0902) Energy Management (Version: 6.0.2.1) Facebook Video Calling 2.0.0.447 (Version: 2.0.447) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (Version: 15.4.5722.2) Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922) GeForce Experience NvStream Client Components (Version: 1.6.28) Google Chrome (Version: 35.0.1916.114) Google Update Helper (Version: 1.3.24.7) Intel(R) Control Center (Version: 1.2.1.1007) Intel(R) Management Engine Components (Version: 7.0.0.1144) Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730) Intel(R) Processor Graphics (Version: 9.17.10.3347) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128) Intel(R) Rapid Storage Technology (Version: 10.1.5.1001) Intel(R) Wireless Display (Version: 2.0.27.0) Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297) Java 7 Update 55 (Version: 7.0.550) Java Auto Updater (Version: 2.1.9.8) Junk Mail filter update (Version: 15.4.3502.0922) Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.8000) Lenovo EasyCamera (Version: 1.11.0209.1) Lenovo EE Boot Optimizer (Version: 0.0.1.5) Lenovo OneKey Recovery (Version: 7.0.1628) Lenovo YouCam (Version: 3.1.3603) Malwarebytes Anti-Malware wersja 2.0.2.1012 (Version: 2.0.2.1012) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938) Microsoft .NET Framework 4.5.1 (Polski) (Version: 4.5.50938) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Security Client (Version: 4.5.0216.0) Microsoft Security Essentials (Version: 4.5.216.0) Microsoft Silverlight (Version: 5.1.30214.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MioMore Desktop 7.50 (Version: 7.50.0109.128) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) NVIDIA GeForce Experience 1.8.2.1 (Version: 1.8.2.1) NVIDIA Install Application (Version: 2.1002.147.1067) NVIDIA LED Visualizer 1.0 (Version: 1.0) NVIDIA Network Service (Version: 1.0) NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (Version: 9.13.1220) NVIDIA Optimus Update 11.10.13 (Version: 11.10.13) NVIDIA PhysX (Version: 9.13.1220) NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13) NVIDIA Sterownik graficzny 334.89 (Version: 334.89) NVIDIA Update Core (Version: 11.10.13) NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20) Onekey Theater (Version: 2.0.2.7) OpenFM (Version: 2) Oprogramowanie Intel® PROSet/Wireless (Version: 16.7.0) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1) Panel sterowania NVIDIA 334.89 (Version: 334.89) Poczta usługi Windows Live (Version: 15.4.3502.0922) Podręcznik użytkownika (Version: 1.0.0.6) Podstawowe programy Windows Live (Version: 15.4.3502.0922) Podstawowe programy Windows Live (Version: 15.4.3508.1109) Polski VAG 2.5 (Version: 2.502) Power2Go (Version: 5.6.0.7303) Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010) Realtek High Definition Audio Driver (Version: 6.0.1.6505) Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10008) SHIELD Streaming (Version: 1.7.321) Skype™ 6.16 (Version: 6.16.105) SRS Control Panel (Version: 1.11.4800) Synaptics Pointing Device Driver (Version: 15.2.7.0) UserGuide (Version: 1.0.0.6) VeriFace (Version: 4.0.0.1206) Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1) Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Messenger (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) WinRAR 4.20 (64-bitowy) (Version: 4.20.0) ========================= Devices: ================================ Name: Menedżer woluminów dynamicznych Description: Menedżer woluminów dynamicznych Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: volmgrx Name: Link-Layer Topology Discovery Mapper I/O Driver Description: Link-Layer Topology Discovery Mapper I/O Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: lltdio Name: Realtek PCIe FE Family Controller Description: Realtek PCIe FE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Name: Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 Description: Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Name: Aplikacja zbierająca informacje o oprogramowaniu urządzeń Plug and Play Description: Aplikacja zbierająca informacje o oprogramowaniu urządzeń Plug and Play Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: swenum Name: BPntDrv Description: BPntDrv Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: BPntDrv Name: RDPCDD Description: RDPCDD Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: RDPCDD Name: Przycisk uśpienia ACPI Description: Przycisk uśpienia ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Woluminy magazynu Description: Woluminy magazynu Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: volsnap Name: msahci Description: msahci Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: msahci Name: Moduł wyliczający magistrali głównej UMBus Description: Moduł wyliczający magistrali głównej UMBus Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: umbus Name: RDP Encoder Mirror Driver Description: RDP Encoder Mirror Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: RDPENCDD Name: Główny koncentrator USB Description: Główny koncentrator USB Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standardowy kontroler hosta USB) Service: usbhub Name: Interfejs zarządzania Microsoft Windows dla ACPI Description: Interfejs zarządzania Microsoft Windows dla ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: WmiAcpi Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: nvvad_WaveExtensible Name: Virtual WiFi Filter Driver Description: Virtual WiFi Filter Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: vwififlt Name: Intel(R) Centrino(R) Wireless-N 1000 Description: Intel(R) Centrino(R) Wireless-N 1000 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETwNs64 Name: Synaptics PS/2 Port TouchPad Description: Synaptics PS/2 Port TouchPad Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Synaptics Service: i8042prt Name: Reflector Display Driver used to gain access to graphics data Description: Reflector Display Driver used to gain access to graphics data Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: RDPREFMP Name: Kontroler zgodny ze standardem High Definition Audio Description: Kontroler zgodny ze standardem High Definition Audio Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Name: Główny koncentrator USB Description: Główny koncentrator USB Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standardowy kontroler hosta USB) Service: usbhub Name: Sterownik modułu wyliczającego dysku wirtualnego Microsoft Description: Sterownik modułu wyliczającego dysku wirtualnego Microsoft Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: vdrvroot Name: msisadrv Description: msisadrv Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: msisadrv Name: Karta Microsoft 6to4 Description: Karta Microsoft 6to4 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Sterownik usługi Dostęp zdalny IPv6 ARP Description: Sterownik usługi Dostęp zdalny IPv6 ARP Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Wanarpv6 Name: Urządzenie koncentratora firmware Intel(R) 82802 Description: Urządzenie koncentratora firmware Intel(R) 82802 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: System Common Log (CLFS) Description: System Common Log (CLFS) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: CLFS Name: Strefa termiczna ACPI Description: Strefa termiczna ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Link-Layer Topology Discovery Responder Description: Link-Layer Topology Discovery Responder Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: rspndr Name: Menedżer woluminów Description: Menedżer woluminów Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: volmgr Name: Karta Microsoft ISATAP Description: Karta Microsoft ISATAP Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Rodzajowy monitor PnP Description: Rodzajowy monitor PnP Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe typy monitorów) Service: monitor Name: Kernel Mode Driver Frameworks service Description: Kernel Mode Driver Frameworks service Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Wdf01000 Name: CNG Description: CNG Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: CNG Name: Zasoby płyty głównej Description: Zasoby płyty głównej Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Strefa termiczna ACPI Description: Strefa termiczna ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: WDKMD Description: WDKMD Class Guid: {034f6fb2-1bcc-41c9-9fd2-dbb357de0838} Manufacturer: (Standard system devices) Service: wdkmd Name: Karta Microsoft ISATAP #2 Description: Karta Microsoft ISATAP Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Security Driver Description: Security Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: secdrv Name: Zasilacz Microsoft Description: Zasilacz Microsoft Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: CmBatt Name: NativeWiFi Filter Description: NativeWiFi Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NativeWifiP Name: Mostek (bridge) standardu PCI do PCI-do-PCI Description: Mostek (bridge) standardu PCI do PCI-do-PCI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: pci Name: MATSHITA DVD-RAM UJ8B1AS Description: Stacja dysków CD-ROM Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe stacje dysków CD-ROM) Service: cdrom Name: Wolumin uniwersalny Description: Wolumin uniwersalny Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 Description: Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: WFP Lightweight Filter Description: WFP Lightweight Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: WfpLwf Name: Karta Microsoft ISATAP #3 Description: Karta Microsoft ISATAP Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Lenovo ACPI-Compliant Virtual Power Controller Description: Lenovo ACPI-Compliant Virtual Power Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Lenovo Service: ACPIVPC Name: Zasoby płyty głównej Description: Zasoby płyty głównej Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Przycisk ACPI Fixed Feature Description: Przycisk ACPI Fixed Feature Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Karta Microsoft ISATAP #4 Description: Karta Microsoft ISATAP Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: System zgodny ze standardem Microsoft ACPI Description: System zgodny ze standardem Microsoft ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: ACPI Name: Sterownik systemowy NDIS Description: Sterownik systemowy NDIS Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NDIS Name: System Attribute Cache Description: System Attribute Cache Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: discache Name: wsvd Description: wsvd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wsvd Name: Programowalny kontroler przerwań Description: Programowalny kontroler przerwań Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Karta Microsoft ISATAP #5 Description: Karta Microsoft ISATAP Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Moduł wyliczający Bluetooth firmy Microsoft Description: Moduł wyliczający Bluetooth firmy Microsoft Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Microsoft Service: BthEnum Name: NDIS Usermode I/O Protocol Description: NDIS Usermode I/O Protocol Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Ndisuio Name: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Description: Procesor Intel Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: User Mode Driver Frameworks Platform Driver Description: User Mode Driver Frameworks Platform Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: WudfPf Name: LDDM Graphics Subsystem Description: LDDM Graphics Subsystem Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: DXGKrnl Name: 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0104 Description: 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0104 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService Name: Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 Description: Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Name: Czasomierz systemowy Description: Czasomierz systemowy Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Wolumin uniwersalny Description: Wolumin uniwersalny Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: NDProxy Description: NDProxy Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NDProxy Name: Urządzenie Bluetooth (sieć osobista) Description: Urządzenie Bluetooth (sieć osobista) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: CyberLink WebCam Virtual Driver Description: CyberLink WebCam Virtual Driver Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: CyberLink Service: clwvd Name: Broadcom Bluetooth 2.1 USB Description: Broadcom Bluetooth 2.1 USB Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Name: ACPI x64-based PC Description: ACPI x64-based PC Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318} Manufacturer: (Komputery standardowe) Service: \Driver\ACPI_HAL Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Czasomierz zdarzeniowy wysokiej precyzji Description: Czasomierz zdarzeniowy wysokiej precyzji Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Sterownik BIOS zarządzania systemem firmy Microsoft Description: Sterownik BIOS zarządzania systemem firmy Microsoft Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: mssmbios Name: Karta wirtualna Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Description: Karta wirtualna Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Class Guid: {dad27e18-2598-4484-98b0-5dba8e007f6a} Manufacturer: Intel Corporation Service: AMPPAL Name: Kontroler DMA Description: Kontroler DMA Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: fbfmon Description: fbfmon Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: fbfmon Name: Urządzenie Bluetooth (Protokół TDI RFCOMM) Description: Urządzenie Bluetooth (Protokół TDI RFCOMM) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RFCOMM Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: WAN Miniport (IKEv2) Description: WAN Miniport (IKEv2) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasAgileVpn Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Name: Urządzenie kompozytowe USB Description: Urządzenie kompozytowe USB Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standardowy kontroler hosta USB) Service: usbccgp Name: Intel(R) HD Graphics 3000 Description: Intel(R) HD Graphics 3000 Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: igfx Name: Sterownik pliku jako woluminu Description: Sterownik pliku jako woluminu Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: blbdrive Name: Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D Description: Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Name: NETBT Description: NETBT Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NetBT Name: Standardowa klawiatura PS/2 Description: Standardowa klawiatura PS/2 Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Klawiatury standardowe) Service: i8042prt Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Intel(R) Audio dla ekranów Description: Intel(R) Audio dla ekranów Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Intel(R) Corporation Service: IntcDAud Name: DYwiek Bluetooth Description: DYwiek Bluetooth Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: btwaudio Name: Wolumin uniwersalny Description: Wolumin uniwersalny Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: sptd Description: sptd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: sptd Name: Moduł wyliczający magistrali kompozytowej Description: Moduł wyliczający magistrali kompozytowej Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: CompositeBus Name: Miniport WAN (L2TP) Description: Miniport WAN (L2TP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: Rasl2tp Name: HITACHI HTS727575A9E364 Description: Stacja dysków Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe stacje dysków) Service: disk Name: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Description: Procesor Intel Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Microsoft Virtual WiFi Miniport Adapter #3 Description: Karta wirtualnego miniportu WiFi firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Microsoft Network Inspection System Description: Microsoft Network Inspection System Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NisDrv Name: Lenovo EasyCamera Description: Lenovo EasyCamera Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Bison Electronic Inc. Service: SPUVCbv Name: Bateria kompozytowa Microsoft Description: Bateria kompozytowa Microsoft Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: Compbatt Name: WAN Miniport (Network Monitor) Description: WAN Miniport (Network Monitor) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: Intel(R) Mobile Express Chipset SATA AHCI Controller Description: Intel(R) Mobile Express Chipset SATA AHCI Controller Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: iaStor Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Intel(R) Management Engine Interface Description: Intel(R) Management Engine Interface Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: MEIx64 Name: Magistrala PCI Description: Magistrala PCI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: pci Name: Rodzajowa kopia w tle woluminów Description: Rodzajowa kopia w tle woluminów Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Ancillary Function Driver for Winsock Description: Ancillary Function Driver for Winsock Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AFD Name: WAN Miniport (IP) Description: WAN Miniport (IP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: NSI proxy service driver. Description: NSI proxy service driver. Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: nsiproxy Name: Zegar systemowy CMOS/czasu rzeczywistego Description: Zegar systemowy CMOS/czasu rzeczywistego Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Generic USB Hub Description: Generic USB Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Generic USB Hub) Service: usbhub Name: Sterownik filtru szyfrowania dysków funkcją BitLocker Description: Sterownik filtru szyfrowania dysków funkcją BitLocker Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: fvevol Name: Wolumin uniwersalny Description: Wolumin uniwersalny Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Microsoft Virtual WiFi Miniport Adapter #4 Description: Karta wirtualnego miniportu WiFi firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Name: IDE Channel Description: IDE Channel Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: atapi Name: WAN Miniport (IPv6) Description: WAN Miniport (IPv6) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: Menedżer punktów instalacji Description: Menedżer punktów instalacji Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: mountmgr Name: Płyta systemowa Description: Płyta systemowa Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Bluetooth L2CAP Interface Description: Bluetooth L2CAP Interface Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Broadcom Corp. Service: btwl2cap Name: HTTP Description: HTTP Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: HTTP Name: Sterownik protokołu TCP/IP Description: Sterownik protokołu TCP/IP Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Tcpip Name: Generic USB Hub Description: Generic USB Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Generic USB Hub) Service: usbhub Name: Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 Description: Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Name: Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49 Description: Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: msisadrv Name: Zasoby płyty głównej Description: Zasoby płyty głównej Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Description: Procesor Intel Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Miniport WAN (PPPOE) Description: Miniport WAN (PPPOE) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasPppoe Name: Null Description: Null Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Null Name: Hardware Policy Driver Description: Hardware Policy Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: hwpolicy Name: TCP/IP Registry Compatibility Description: TCP/IP Registry Compatibility Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: tcpipreg Name: Zasoby płyty głównej Description: Zasoby płyty głównej Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Realtek USB 2.0 Card Reader Description: Realtek USB 2.0 Card Reader Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Realtek Service: RSUSBVSTOR Name: Performance Counters for Windows Driver Description: Performance Counters for Windows Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: pcw Name: Miniport WAN (PPTP) Description: Miniport WAN (PPTP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: PptpMiniport Name: Procesor numeryczny Description: Procesor numeryczny Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Sterownik uwierzytelniania Zapory systemu Windows Description: Sterownik uwierzytelniania Zapory systemu Windows Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: mpsdrv Name: IP Network Address Translator Description: IP Network Address Translator Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: IPNAT Name: Sterownik obsługi starszych urządzeń TDI NetIO Description: Sterownik obsługi starszych urządzeń TDI NetIO Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: tdx Name: PEAUTH Description: PEAUTH Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: PEAUTH Name: NVIDIA GeForce GT 630M Description: NVIDIA GeForce GT 630M Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: nvlddmkm Name: Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 Description: Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Name: WAN Miniport (SSTP) Description: WAN Miniport (SSTP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasSstp Name: KSecDD Description: KSecDD Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: KSecDD Name: Kontroler osadzony zgodny ze standardem Microsoft ACPI Description: Kontroler osadzony zgodny ze standardem Microsoft ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: Name: Harmonogram pakietów QoS Description: Harmonogram pakietów QoS Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Psched Name: Beep Description: Beep Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Beep Name: Moduł wyliczający UMBus Description: Moduł wyliczający UMBus Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: umbus Name: Bluetooth Remote Control Description: Bluetooth Remote Control Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Broadcom Service: btwrchid Name: Sterownik klawiatury serwera terminali Description: Sterownik klawiatury serwera terminali Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: TermDD Name: VgaSave Description: VgaSave Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: VgaSave Name: KSecPkg Description: KSecPkg Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: KSecPkg Name: Bateria Microsoft o metodzie kontroli zgodnej z ACPI Description: Bateria Microsoft o metodzie kontroli zgodnej z ACPI Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: CmBatt Name: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Description: Procesor Intel Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Sterownik myszy serwera terminali Description: Sterownik myszy serwera terminali Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: TermDD Name: Pokrywa ACPI Description: Pokrywa ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardowe urządzenia systemowe) Service: ========================= Memory info: =================================== Percentage of memory in use: 24% Total physical RAM: 8106.14 MB Available physical RAM: 6110.11 MB Total Pagefile: 16210.46 MB Available Pagefile: 14178.47 MB Total Virtual: 4095.88 MB Available Virtual: 3961.27 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:654.69 GB) (Free:606.16 GB) NTFS 2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:11.66 GB) NTFS ========================= Users: ======================================== Konta uľytkownik˘w dla \\MARCIN-KOMPUTER Administrator Go† Marcin Polecenie zostao wykonane pomylnie. ========================= Minidump Files ================================== No minidump file found ========================= Restore Points ================================== 02-05-2014 15:33:26 Windows Update 04-05-2014 20:00:59 Windows Update 07-05-2014 21:20:23 Windows Update 11-05-2014 07:26:25 Windows Update 15-05-2014 06:07:24 Windows Update 18-05-2014 08:10:54 Windows Update 21-05-2014 16:18:40 Windows Update 25-05-2014 01:54:09 Windows Update **** End of log ****

**Posty:** 2183 · przez **NieWiem** 29 Maj 2014, 07:52

Jak wygląda sprawa teraz? Dalej zrywa internet?

Kto jest na forum