Powolna praca przeglądarek i innych programów

**Posty:** 555 · przez **MarcepanowyPiesek** 05 Sie 2012, 21:47

Witam.
Mój problem rozpoczął się już około miesiąca temu ale do tego czasu jakoś starałem się wytrzymać... Starałem się! Na gwałt potrzebuję sprawnego komputera z szybko działającym internetem do dokończenia pewnych dokumentów, a przeglądarki nie dają mi żadnej możliwości na sprawne wyszukiwanie informacji. W Google Chrome mogę mieć otwartą tylko jedną kartę, bo w przeciwnym razie się zawiesza, a Firefox zależy od humoru, czasami sam się wyłącza, a sometimes tylko bardzo powoli pracuje. W załączniku dołączam logi.

**Posty:** 205 · przez **defacto19** 05 Sie 2012, 22:28

Pokaż jeszcze raporty z OTL -> wszystko-o-logach-aktualizacja-30-01-2012-vt117887.html

**Posty:** 555 · przez **MarcepanowyPiesek** 06 Sie 2012, 11:48

OTL zawiesza się zawsze w momencie skanowania na "Firefox process" niezależnie od wersji (exe. COM.) i trybu pracy,

**Posty:** 205 · przez **defacto19** 06 Sie 2012, 12:20

OTL zawiesza się zawsze w momencie skanowania na "Firefox process" niezależnie od wersji (exe. COM.) i trybu pracy,

Jeśli skanowanie zatrzymuje się na ustawieniach Firefox, to prawdopodobnie OTL ma jakiś problem z odczytem któregoś pliku. Odinstaluj na razie tą przeglądarkę, i wykonaj skanowanie raz jeszcze. Tym razem skanowanie powinno wykonać się bez żadnego problemu.

**Posty:** 555 · przez **MarcepanowyPiesek** 06 Sie 2012, 13:14

Niestety to nie pomogło. Program zawiesza się dokładnie w momencie "Scanning FireFox process".

**Posty:** 205 · przez **defacto19** 06 Sie 2012, 13:49

Zastosuj Adwcleaner -> http://general-changelog-team.fr/en/tools/15-adwcleaner (ściągnij na Pulpit i kliknij w nim Delete.
Pokaż raport z niego C:\AdwCleaner[S1].txt

Użyj TFC - Temp File Cleaner -> http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ aby opróżnić lokalizacje tymczasowe.

Napisz jak teraz wygląda sytuacja.

**Posty:** 555 · przez **MarcepanowyPiesek** 06 Sie 2012, 15:44

Bez znaczącej różnicy, firefox troche przyspieszył.

Kod: Zaznacz wszystko: # AdwCleaner v1.800 - Logfile created 08/06/2012 at 15:38:29 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Novi - NOVI-HP # Running from : C:\Users\Novi\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Novi\AppData\Local\Conduit Folder Deleted : C:\Users\Novi\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkakpihealnpggeceajhaonlmgdkaip Folder Deleted : C:\Users\Novi\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc Folder Deleted : C:\Users\Novi\AppData\Local\Temp\CT2504091 Folder Deleted : C:\Users\Novi\AppData\Local\Temp\CT2704262 Folder Deleted : C:\Users\Novi\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Novi\AppData\LocalLow\FreeSoundRecorder Folder Deleted : C:\Users\Novi\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\ConduitCommon Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\CT2504091 Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\CT2704262 Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\WinampToolbarData Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\extensions\ffxtlbra@softonic.com Folder Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\extensions\plugin@yontoo.com Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\FreeSoundRecorder Folder Deleted : C:\Program Files (x86)\Softonic Folder Deleted : C:\Program Files (x86)\Yontoo Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility File Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\searchplugins\Conduit.xml File Deleted : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\searchplugins\softonic.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\DT Soft Key Deleted : HKLM\SOFTWARE\FreeSoundRecorder Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\knkakpihealnpggeceajhaonlmgdkaip Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} [x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F99D80C1-DE46-40B2-BB92-F72869075C79} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC220798-87D9-4B8B-A3E8-348888451D52} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2704262 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (pl) Profile name : default File : C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\prefs.js C:\Users\Novi\AppData\Roaming\Mozilla\Firefox\Profiles\3se4voz7.default\user.js ... Deleted ! Deleted : user_pref("CT2504091..clientLogIsEnabled", false); Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true); Deleted : user_pref("CT2504091.CTID", "CT2504091"); Deleted : user_pref("CT2504091.CurrentServerDate", "6-8-2012"); Deleted : user_pref("CT2504091.DSInstall", true); Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Sun Aug 05 2012 15:22:09 GMT+0200"); Deleted : user_pref("CT2504091.DownloadReferralCookieData", ""); Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Mon Jul 02 2012 18:40:02 GMT+0200"); Deleted : user_pref("CT2504091.EnableClickToSearchBox", false); Deleted : user_pref("CT2504091.EnableSearchHistory", false); Deleted : user_pref("CT2504091.EnableSearchSuggest", false); Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 11); Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40); Deleted : user_pref("CT2504091.FirstServerDate", "23-2-2012"); Deleted : user_pref("CT2504091.FirstTime", true); Deleted : user_pref("CT2504091.FirstTimeFF3", true); Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true); Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2504091.HPChangedManually", true); Deleted : user_pref("CT2504091.HPInstall", true); Deleted : user_pref("CT2504091.HasUserGlobalKeys", true); Deleted : user_pref("CT2504091.HomePageProtectorEnabled", false); Deleted : user_pref("CT2504091.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2704262&SearchSource=[...] Deleted : user_pref("CT2504091.Initialize", true); Deleted : user_pref("CT2504091.InitializeCommonPrefs", true); Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2504091.InstallationId", "ConduitNSISIntegration"); Deleted : user_pref("CT2504091.InstallationType", "ConduitXPEIntegration"); Deleted : user_pref("CT2504091.InstalledDate", "Thu Feb 23 2012 19:09:47 GMT+0100"); Deleted : user_pref("CT2504091.IsAlertDBUpdated", true); Deleted : user_pref("CT2504091.IsGrouping", false); Deleted : user_pref("CT2504091.IsInitSetupIni", true); Deleted : user_pref("CT2504091.IsMulticommunity", false); Deleted : user_pref("CT2504091.IsOpenThankYouPage", false); Deleted : user_pref("CT2504091.IsOpenUninstallPage", false); Deleted : user_pref("CT2504091.IsProtectorsInit", true); Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Mon Aug 06 2012 15:33:09 GMT+0200"); Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2504091.LastLogin_3.13.0.6", "Mon Jul 16 2012 11:30:07 GMT+0200"); Deleted : user_pref("CT2504091.LastLogin_3.14.1.0", "Mon Aug 06 2012 15:33:09 GMT+0200"); Deleted : user_pref("CT2504091.LastLogin_3.9.0.3", "Mon Jul 02 2012 18:40:04 GMT+0200"); Deleted : user_pref("CT2504091.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT2504091.Locale", "en-us"); Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2504091.MCDetectTooltipShow", false); Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2504091.OriginalFirstVersion", "3.9.0.3"); Deleted : user_pref("CT2504091.SavedHomepage", "chrome://branding/locale/browserconfig.properties"); Deleted : user_pref("CT2504091.SearchBackToDefaultEngine", false); Deleted : user_pref("CT2504091.SearchBoxWidth", 100); Deleted : user_pref("CT2504091.SearchCaption", "Web Search"); Deleted : user_pref("CT2504091.SearchEngineBeforeUnload", "FreeSoundRecorder Customized Web Search"); Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...] Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true); Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Mon Aug 06 2012 15:33:06 GMT+0200"); Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2504091.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT2504091.SearchProtectorEnabled", false); Deleted : user_pref("CT2504091.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2504091.SendProtectorDataViaLogin", true); Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Mon Aug 06 2012 15:33:08 GMT+0200"); Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Mon Aug 06 2012 15:33:06 GMT+0200"); Deleted : user_pref("CT2504091.SettingsLastUpdate", "1341594968"); Deleted : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13"); Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sat Jun 16 2012 12:26:38 GMT+0200"); Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT2504091.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091"); Deleted : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2504091.UserID", "UN80803685459613628"); Deleted : user_pref("CT2504091.ValidationData_Toolbar", 0); Deleted : user_pref("CT2504091.alertChannelId", "897164"); Deleted : user_pref("CT2504091.approveUntrustedApps", false); Deleted : user_pref("CT2504091.autoDisableScopes", -1); Deleted : user_pref("CT2504091.backendstorage.cbfirsttime", "5468752046656220323320323031322031393A30393A35362[...] Deleted : user_pref("CT2504091.backendstorage.shoppingapp.gk.exipres", "536174204A756C20303720323031322031383A[...] Deleted : user_pref("CT2504091.backendstorage.shoppingapp.gk.geolocation", "706F6C616E64"); Deleted : user_pref("CT2504091.backendstorage.url_history0001", "687474703A2F2F746F7272656E74792E6F72672F75736[...] Deleted : user_pref("CT2504091.components.1000034", false); Deleted : user_pref("CT2504091.components.129079840422182852", false); Deleted : user_pref("CT2504091.components.129079840422339107", false); Deleted : user_pref("CT2504091.components.129079840422964131", false); Deleted : user_pref("CT2504091.components.129079849636241789", false); Deleted : user_pref("CT2504091.components.129707804829376918", false); Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Mon Jul 02 2012 18:40:06 GMT+0200"); Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2504091.initDone", true); Deleted : user_pref("CT2504091.isAppTrackingManagerOn", true); Deleted : user_pref("CT2504091.isSearchProtectorNotifyChanges", false); Deleted : user_pref("CT2504091.myStuffEnabled", true); Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2504091.oldAppsList", "129079840421557838,129079840422026594,111,129079849636241789,129[...] Deleted : user_pref("CT2504091.revertSettingsEnabled", true); Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2504091.testingCtid", ""); Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Mon Aug 06 2012 15:33:09 GMT+0200"); Deleted : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Mon Jul 02 2012 18:40:06 GMT+0200"); Deleted : user_pref("CT2504091.undefined", "Fri Mar 30 2012 16:00:41 GMT+0200"); Deleted : user_pref("CT2504091.usageEnabled", false); Deleted : user_pref("CT2504091.usagesFlag", 2); Deleted : user_pref("CT2704262..clientLogIsEnabled", false); Deleted : user_pref("CT2704262..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2704262..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2704262.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2704262.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2704262.BrowserCompStateIsOpen_129674822392465408", true); Deleted : user_pref("CT2704262.BrowserCompStateIsOpen_129738587603157113", true); Deleted : user_pref("CT2704262.BrowserCompStateIsOpen_129738587703159675", true); Deleted : user_pref("CT2704262.BrowserCompStateIsOpen_129869134590348979", true); Deleted : user_pref("CT2704262.CTID", "CT2704262"); Deleted : user_pref("CT2704262.CurrentServerDate", "6-8-2012"); Deleted : user_pref("CT2704262.DSChangedManually", false); Deleted : user_pref("CT2704262.DSInstall", true); Deleted : user_pref("CT2704262.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2704262.DialogsGetterLastCheckTime", "Sun Aug 05 2012 15:22:09 GMT+0200"); Deleted : user_pref("CT2704262.DownloadReferralCookieData", ""); Deleted : user_pref("CT2704262.FeedLastCount129531287796537552", 400); Deleted : user_pref("CT2704262.FeedPollDate129531287797162554", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2704262.FeedPollDate129531287797162555", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2704262.FeedPollDate129531287797162556", "Mon Jul 02 2012 18:40:08 GMT+0200"); Deleted : user_pref("CT2704262.FeedPollDate129531287797162557", "Mon Jul 02 2012 18:40:08 GMT+0200"); Deleted : user_pref("CT2704262.FeedPollDate129531287797162558", "Mon Jul 02 2012 18:40:09 GMT+0200"); Deleted : user_pref("CT2704262.FeedPollDate129531287797162559", "Mon Jul 02 2012 18:40:09 GMT+0200"); Deleted : user_pref("CT2704262.FeedPollDate129531287797162560", "Mon Jul 02 2012 18:40:09 GMT+0200"); Deleted : user_pref("CT2704262.FeedPollDate129531287797162561", "Mon Jul 02 2012 18:40:09 GMT+0200"); Deleted : user_pref("CT2704262.FeedTTL129531287797162554", 40); Deleted : user_pref("CT2704262.FeedTTL129531287797162555", 40); Deleted : user_pref("CT2704262.FeedTTL129531287797162556", 40); Deleted : user_pref("CT2704262.FeedTTL129531287797162557", 40); Deleted : user_pref("CT2704262.FeedTTL129531287797162558", 40); Deleted : user_pref("CT2704262.FeedTTL129531287797162559", 40); Deleted : user_pref("CT2704262.FeedTTL129531287797162560", 40); Deleted : user_pref("CT2704262.FeedTTL129531287797162561", 40); Deleted : user_pref("CT2704262.FirstServerDate", "30-3-2012"); Deleted : user_pref("CT2704262.FirstTime", true); Deleted : user_pref("CT2704262.FirstTimeFF3", true); Deleted : user_pref("CT2704262.FixPageNotFoundErrors", true); Deleted : user_pref("CT2704262.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2704262.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2704262.HPInstall", true); Deleted : user_pref("CT2704262.HasUserGlobalKeys", true); Deleted : user_pref("CT2704262.HomePageProtectorEnabled", false); Deleted : user_pref("CT2704262.HomepageBeforeUnload", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=[...] Deleted : user_pref("CT2704262.Initialize", true); Deleted : user_pref("CT2704262.InitializeCommonPrefs", true); Deleted : user_pref("CT2704262.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2704262.InstallationId", "ConduitNSISIntegration"); Deleted : user_pref("CT2704262.InstallationType", "ConduitXPEIntegration"); Deleted : user_pref("CT2704262.InstalledDate", "Fri Mar 30 2012 16:00:45 GMT+0200"); Deleted : user_pref("CT2704262.InvalidateCache", false); Deleted : user_pref("CT2704262.IsAlertDBUpdated", true); Deleted : user_pref("CT2704262.IsGrouping", false); Deleted : user_pref("CT2704262.IsInitSetupIni", true); Deleted : user_pref("CT2704262.IsMulticommunity", false); Deleted : user_pref("CT2704262.IsOpenThankYouPage", false); Deleted : user_pref("CT2704262.IsOpenUninstallPage", true); Deleted : user_pref("CT2704262.IsProtectorsInit", true); Deleted : user_pref("CT2704262.LanguagePackLastCheckTime", "Mon Aug 06 2012 15:33:09 GMT+0200"); Deleted : user_pref("CT2704262.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2704262.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2704262.LastLogin_3.10.0.1", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2704262.LastLogin_3.13.0.6", "Sun Jul 15 2012 11:37:29 GMT+0200"); Deleted : user_pref("CT2704262.LastLogin_3.14.1.0", "Mon Aug 06 2012 15:33:09 GMT+0200"); Deleted : user_pref("CT2704262.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT2704262.Locale", "en"); Deleted : user_pref("CT2704262.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2704262.MCDetectTooltipShow", false); Deleted : user_pref("CT2704262.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2704262.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2704262.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2704262.OriginalFirstVersion", "3.10.0.1"); Deleted : user_pref("CT2704262.RadioIsPodcast", false); Deleted : user_pref("CT2704262.RadioLastCheckTime", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2704262.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2704262.RadioLastUpdateServer", "129242955136270000"); Deleted : user_pref("CT2704262.RadioMediaID", "21037024"); Deleted : user_pref("CT2704262.RadioMediaType", "Media Player"); Deleted : user_pref("CT2704262.RadioMenuSelectedID", "EBRadioMenu_CT270426221037024"); Deleted : user_pref("CT2704262.RadioShrinkedFromSetup", false); Deleted : user_pref("CT2704262.RadioStationName", "California%20Rock"); Deleted : user_pref("CT2704262.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT2704262.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13"); Deleted : user_pref("CT2704262.SearchBoxWidth", 100); Deleted : user_pref("CT2704262.SearchCaption", "FreeSoundRecorder Customized Web Search"); Deleted : user_pref("CT2704262.SearchEngineBeforeUnload", "Search the web (Softonic)"); Deleted : user_pref("CT2704262.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2704262.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT270[...] Deleted : user_pref("CT2704262.SearchInNewTabEnabled", true); Deleted : user_pref("CT2704262.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2704262.SearchInNewTabLastCheckTime", "Mon Aug 06 2012 15:33:08 GMT+0200"); Deleted : user_pref("CT2704262.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2704262.SearchProtectorEnabled", true); Deleted : user_pref("CT2704262.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2704262.SendProtectorDataViaLogin", true); Deleted : user_pref("CT2704262.ServiceMapLastCheckTime", "Mon Aug 06 2012 15:33:08 GMT+0200"); Deleted : user_pref("CT2704262.SettingsLastCheckTime", "Mon Aug 06 2012 15:33:07 GMT+0200"); Deleted : user_pref("CT2704262.SettingsLastUpdate", "1343322513"); Deleted : user_pref("CT2704262.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2704262&SearchSource=13"); Deleted : user_pref("CT2704262.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2704262.ThirdPartyComponentsLastCheck", "Mon Jul 02 2012 18:40:04 GMT+0200"); Deleted : user_pref("CT2704262.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT2704262.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2704262.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2704262"); Deleted : user_pref("CT2704262.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2704262.UserID", "UN10460210181330598"); Deleted : user_pref("CT2704262.ValidationData_Toolbar", 2); Deleted : user_pref("CT2704262.alertChannelId", "1096603"); Deleted : user_pref("CT2704262.approveUntrustedApps", false); Deleted : user_pref("CT2704262.autoDisableScopes", -1); Deleted : user_pref("CT2704262.backendstorage.2704262a129531303481232105000000paramsgk0", "7B22757064617465526[...] Deleted : user_pref("CT2704262.backendstorage.autocompletepro_enable", "31"); Deleted : user_pref("CT2704262.backendstorage.autocompletepro_enable_auto", "31"); Deleted : user_pref("CT2704262.backendstorage.cbcountry_001", "504C"); Deleted : user_pref("CT2704262.backendstorage.cbfirsttime", "467269204D617220333020323031322031363A30313A30302[...] Deleted : user_pref("CT2704262.backendstorage.rss_pub_config", "7B2273657474696E6773223A7B2269636F6E223A226874[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat0", "253542253742253232[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat1", "253542253742253232[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat2", "253542253742253232[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat3", "253542253742253232[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000embeddedversion", "322E352[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000feedsobj", "25374225323263[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000lastreporttime", "31333431[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000newfeeds", "6E657746656564[...] Deleted : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000readitemsarr", "2537422532[...] Deleted : user_pref("CT2704262.backendstorage.shoppingapp.gk.exipres", "536174204A756C20303720323031322031383A[...] Deleted : user_pref("CT2704262.backendstorage.shoppingapp.gk.geolocation", "706F6C616E64"); Deleted : user_pref("CT2704262.backendstorage.url_history0001", "687474703A2F2F746F7272656E74792E6F72672F75736[...] Deleted : user_pref("CT2704262.components.1000048", false); Deleted : user_pref("CT2704262.components.1000082", false); Deleted : user_pref("CT2704262.components.129247617826796960", false); Deleted : user_pref("CT2704262.components.129247626948716396", false); Deleted : user_pref("CT2704262.components.129247651152564426", false); Deleted : user_pref("CT2704262.components.129247660838637563", false); Deleted : user_pref("CT2704262.components.129277337289656530", false); Deleted : user_pref("CT2704262.components.129462935447062777", false); Deleted : user_pref("CT2704262.components.129462935449406531", false); Deleted : user_pref("CT2704262.components.129531285405600225", false); Deleted : user_pref("CT2704262.components.129531285614037549", false); Deleted : user_pref("CT2704262.components.129531285794663056", false); Deleted : user_pref("CT2704262.components.129531286205600140", false); Deleted : user_pref("CT2704262.components.129531287796537552", false); Deleted : user_pref("CT2704262.components.129531303481232105", false); Deleted : user_pref("CT2704262.components.129531304509825021", false); Deleted : user_pref("CT2704262.components.129531304803888164", false); Deleted : user_pref("CT2704262.components.129531305429044658", false); Deleted : user_pref("CT2704262.components.129738587603157113", false); Deleted : user_pref("CT2704262.components.129738587703159675", false); Deleted : user_pref("CT2704262.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2704262.globalFirstTimeInfoLastCheckTime", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2704262.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2704262.initDone", true); Deleted : user_pref("CT2704262.isAppTrackingManagerOn", true); Deleted : user_pref("CT2704262.isFirstRadioInstallation", false); Deleted : user_pref("CT2704262.myStuffEnabled", true); Deleted : user_pref("CT2704262.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2704262.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2704262.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2704262.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2704262.navigateToUrlOnSearch", false); Deleted : user_pref("CT2704262.oldAppsList", "129234816889269295,129234816889425546,1000048,111,12924761782679[...] Deleted : user_pref("CT2704262.revertSettingsEnabled", true); Deleted : user_pref("CT2704262.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2704262.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2704262.testingCtid", ""); Deleted : user_pref("CT2704262.toolbarAppMetaDataLastCheckTime", "Mon Aug 06 2012 15:33:09 GMT+0200"); Deleted : user_pref("CT2704262.toolbarContextMenuLastCheckTime", "Mon Jul 02 2012 18:40:07 GMT+0200"); Deleted : user_pref("CT2704262.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2504091&Search[...] Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Web Search,FreeSoundRecorder Customized Web Search"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2704262/CT2704262[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1096603/1092307/PL", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/PL", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2704262", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2704262",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"1691ff9fa89431233319[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"c89044c26eac9e03f64[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"208a5a162b3c6e8cded[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"22f6d1ef598ecb9cf49[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"5c050e0585175f39020[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"7b1da290b87ffc019e1[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"3c3ebc231acc51a9df8bf[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"7cbbca9371da3e77fb799[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Novi\\AppData\\Roaming\\Mozilla\\Fi[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,CT2704262"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091,CT2704262"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091,CT2704262"); Deleted : user_pref("CommunityToolbar.globalUserId", "42e896e3-6643-4b49-99d3-2cf41da091ec"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 02 2012 18:40:0[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 02 2012 18:40:11 GMT+020[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 02 2012 18:40:03 GMT+0200"); Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "01756f7e-e85d-4343-9bb5-fb2641028ac6"); Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Mon Jul 02 2012 18:41:07 GMT+0200"[...] Deleted : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Mon Jul 02 2012 18:41:07 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Mon Jul 02 2012 18:41:07 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Mon Jul 02 2012 18:41:07 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Mon Jul 02 2012 18:41:07 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Mon Jul 02 2012 18:41:07 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Mon Jul 02 2012 18:41:07 GMT+0200")[...] Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Mon Jul 02 2012 18:41:06 GMT+0200")[...] Deleted : user_pref("browser.search.defaultthis.engineName", "FreeSoundRecorder Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&Sea[...] Deleted : user_pref("browser.search.selectedEngine", "Search the web (Softonic)"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc=[...] Deleted : user_pref("extensions.Softonic.admin", false); Deleted : user_pref("extensions.Softonic.aflt", "SD"); Deleted : user_pref("extensions.Softonic.autoRvrt", "false"); Deleted : user_pref("extensions.Softonic.dfltLng", "pl"); Deleted : user_pref("extensions.Softonic.dfltSrch", true); Deleted : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Deleted : user_pref("extensions.Softonic.dspOld", "FreeSoundRecorder Customized Web Search"); Deleted : user_pref("extensions.Softonic.excTlbr", false); Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&[...] Deleted : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc[...] Deleted : user_pref("extensions.Softonic.hpOld", "hxxp://search.conduit.com/?ctid=CT2704262&SearchSource=13"); Deleted : user_pref("extensions.Softonic.id", "38b0de7600000000000074de2bacb1de"); Deleted : user_pref("extensions.Softonic.instlDay", "15492"); Deleted : user_pref("extensions.Softonic.instlRef", "MON00085"); Deleted : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=[...] Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=1[...] Deleted : user_pref("extensions.Softonic.prdct", "Softonic"); Deleted : user_pref("extensions.Softonic.prtnrId", "softonic"); Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Deleted : user_pref("extensions.Softonic.tlbrId", "base"); Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource[...] Deleted : user_pref("extensions.Softonic.vrsn", "1.5.24.3"); Deleted : user_pref("extensions.Softonic.vrsni", "1.5.24.3"); Deleted : user_pref("extensions.Softonic_i.dnsErr", true); Deleted : user_pref("extensions.Softonic_i.hmpg", true); Deleted : user_pref("extensions.Softonic_i.newTab", true); Deleted : user_pref("extensions.Softonic_i.smplGrp", "none"); Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.318:11:10"); Deleted : user_pref("extensions.softonic_i.aflt", "SD"); Deleted : user_pref("extensions.softonic_i.dfltLng", ""); Deleted : user_pref("extensions.softonic_i.dfltSrch", true); Deleted : user_pref("extensions.softonic_i.dnsErr", true); Deleted : user_pref("extensions.softonic_i.excTlbr", false); Deleted : user_pref("extensions.softonic_i.hmpg", true); Deleted : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1[...] Deleted : user_pref("extensions.softonic_i.id", "38b0de7600000000000074de2bacb1de"); Deleted : user_pref("extensions.softonic_i.instlDay", "15372"); Deleted : user_pref("extensions.softonic_i.instlRef", "MON00005"); Deleted : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSourc[...] Deleted : user_pref("extensions.softonic_i.newTab", true); Deleted : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...] Deleted : user_pref("extensions.softonic_i.prdct", "softonic"); Deleted : user_pref("extensions.softonic_i.prtnrId", "softonic"); Deleted : user_pref("extensions.softonic_i.smplGrp", "eng7"); Deleted : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)"); Deleted : user_pref("extensions.softonic_i.tlbrId", "en11DECdefault"); Deleted : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSour[...] Deleted : user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); Deleted : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.520:18:18"); Deleted : user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=[...] Profile name : default File : C:\Users\Danusia\AppData\Roaming\Mozilla\Firefox\Profiles\l9od6qsu.default\prefs.js [OK] File is clean. -\\ Google Chrome v17.0.963.46 File : C:\Users\Novi\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "keyword": "softonic", Deleted : "name": "Search the web (Softonic)", Deleted : "search_url": "hxxp://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=49&cc=", Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...] Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...] Deleted : "path": "plugins/ConduitChromeApiPlugin.dll", Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT270426[...] Deleted : "homepage": "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=48&cc=", Deleted : "name": "Conduit Chrome Plugin", Deleted : "path": "C:\\Users\\Novi\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\k[...] Deleted : "name": "Conduit Chrome Plugin" Deleted : "urls_to_restore_on_startup": [ "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=48&cc=[...] ************************* AdwCleaner[S1].txt - [50887 octets] - [06/08/2012 15:38:29] ########## EOF - C:\AdwCleaner[S1].txt - [51016 octets] ##########

**Posty:** 18165 · przez **wojtas** 06 Sie 2012, 21:30

zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )

zobacz jak system sprawuje się bez antywira ( odinstaluj go na próbę )

**Posty:** 555 · przez **MarcepanowyPiesek** 06 Sie 2012, 22:44

Kod: Zaznacz wszystko: Malwarebytes Anti-Malware (Okres testowy) 1.62.0.1300 www.malwarebytes.org Wersja bazy: v2012.08.06.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Novi :: NOVI-HP [administrator] Ochrona: Włączona 2012-08-06 21:53:36 mbam-log-2012-08-06 (21-53-36).txt Typ skanowania: Pełne skanowanie (C:\|D:\|F:\|Q:\|) Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM Odznaczone opcje skanowania: P2P Przeskanowano obiektów: 326272 Upłynęło: 46 minut(y), 33 sekund(y) Wykrytych procesów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych modułów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych kluczy rejestru: 0 (Nie znaleziono zagrożeń) Wykrytych wartości rejestru: 0 (Nie znaleziono zagrożeń) Wykryte wpisy rejestru systemowego: 0 (Nie znaleziono zagrożeń) wykrytych folderów: 0 (Nie znaleziono zagrożeń) Wykrytych plików: 11 C:\Users\Novi\AppData\Roaming\Thinstall\Microsoft Office Professional Edition 2003\10000006a00002i\SearchIndexer.exe (Rootkit.Dropper) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\AppData\Roaming\Thinstall\Microsoft Office Professional Edition 2003\1000000e00002i\rundll32.exe (Rootkit.Dropper) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\AppData\Roaming\Thinstall\Microsoft Office Professional Edition 2003\11400002i\splwow64.exe (Rootkit.Dropper) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\Downloads\DAEMON_Tools_Lite_Downloader.exe (Trojan.StartPage) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\Downloads\Nero_Lite_Downloader.exe (Trojan.StartPage) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\Downloads\SoftonicDownloader_dla_3gp-player.exe (PUP.ToolbarDownloader) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\Downloads\SoftonicDownloader_dla_ventrilo-2-1-4.exe (PUP.ToolbarDownloader) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\Downloads\SoftonicDownloader_for_steam.exe (PUP.BundleOffer.Downloader.S) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\Downloads\Winamp_Downloader.exe (Trojan.StartPage) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\Users\Novi\Downloads\WinRAR_Downloader.exe (Trojan.StartPage) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. F:\Nowy folder\Instalki\ventrilo-2.1.4-Windows-i386.exe (Trojan.Dropper) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. (zakończone)

antywir odinstalowany ale nadal bez nie jest najlepiej

**Posty:** 18165 · przez **wojtas** 07 Sie 2012, 18:49

jak widać w systemie nie masz wirusów, ciężko mi znaleźć przyczynę tych problemów .

może jeszcze sprawdź błędy dysku

**Posty:** 555 · przez **MarcepanowyPiesek** 08 Sie 2012, 15:05

Niestety dalej nie jest za dobrze. Na dysku F ukryty folder RECYLER ale udało mi się wykonać skan OTL po wcześniejszych zabiegach:

Kod: Zaznacz wszystko: OTL logfile created on: 2012-08-08 14:50:47 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Novi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,60 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 62,17% Memory free 7,21 Gb Paging File | 5,48 Gb Available in Paging File | 76,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 226,19 Gb Total Space | 173,21 Gb Free Space | 76,58% Space Free | Partition Type: NTFS Drive D: | 15,19 Gb Total Space | 1,88 Gb Free Space | 12,36% Space Free | Partition Type: NTFS Drive F: | 224,08 Gb Total Space | 16,96 Gb Free Space | 7,57% Space Free | Partition Type: NTFS Computer Name: NOVI-HP | User Name: Novi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-08-05 21:22:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Novi\Downloads\OTL.exe PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-02-25 01:16:56 | 000,278,344 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe PRC - [2012-02-25 01:16:40 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe PRC - [2012-02-07 21:17:42 | 000,065,448 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr.exe PRC - [2012-02-07 21:17:42 | 000,043,944 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr_im.exe PRC - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe PRC - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011-02-09 18:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011-02-04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011-02-01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011-01-06 21:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2010-12-28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe PRC - [2010-11-09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-02-01 15:23:09 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011-11-22 02:47:46 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd MOD - [2011-11-22 02:47:44 | 001,609,728 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd MOD - [2011-11-22 02:47:44 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd MOD - [2011-11-22 02:47:42 | 005,694,976 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd MOD - [2011-11-22 02:46:28 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Raptr\sip.pyd MOD - [2011-10-24 20:50:38 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\Raptr\easyhook32.dll MOD - [2011-10-24 20:49:56 | 002,717,595 | ---- | M] () -- C:\Program Files (x86)\Raptr\heliotrope._purple.pyd MOD - [2011-09-09 01:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files (x86)\Raptr\liboscar.dll MOD - [2011-09-09 01:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files (x86)\Raptr\libjabber.dll MOD - [2011-09-09 01:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files (x86)\Raptr\libymsg.dll MOD - [2011-09-09 01:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libaim.dll MOD - [2011-09-09 01:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libicq.dll MOD - [2011-09-09 01:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libirc.dll MOD - [2011-09-09 01:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll MOD - [2011-09-09 01:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll MOD - [2011-09-09 01:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl.dll MOD - [2011-09-09 01:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libmsn.dll MOD - [2011-09-09 01:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libxmpp.dll MOD - [2011-09-09 01:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoo.dll MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\gglog.dll MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipcradioproxy.dll MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipc.dll MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcrypto.dll MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcommon.dll MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtWebKit4.dll MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtScript4.dll MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtXml4.dll MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtSvg4.dll MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtNetwork4.dll MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtGui4.dll MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtCore4.dll MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qtiff4.dll MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qmng4.dll MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qjpeg4.dll MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qgif4.dll MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qsvg4.dll MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\zlib1.dll MOD - [2011-02-15 20:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Raptr\libxml2-2.dll MOD - [2011-02-15 20:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Raptr\sqlite3.dll MOD - [2010-11-23 01:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Raptr\zlib1.dll MOD - [2010-11-23 00:57:36 | 002,042,368 | ---- | M] () -- C:\Program Files (x86)\Raptr\libtorrent.pyd MOD - [2010-11-23 00:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32gui.pyd MOD - [2010-11-23 00:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32file.pyd MOD - [2010-11-23 00:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32api.pyd MOD - [2010-11-23 00:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32process.pyd MOD - [2010-11-23 00:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\Raptr\gobject._gobject.pyd MOD - [2010-11-23 00:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd MOD - [2010-11-23 00:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\Raptr\pythoncom26.dll MOD - [2010-11-23 00:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\pywintypes26.dll MOD - [2010-11-23 00:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\Raptr\PIL._imaging.pyd MOD - [2010-11-23 00:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ssl.pyd MOD - [2010-11-23 00:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\unicodedata.pyd MOD - [2010-11-23 00:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files (x86)\Raptr\_hashlib.pyd MOD - [2010-11-23 00:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Raptr\pyexpat.pyd MOD - [2010-11-23 00:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ctypes.pyd MOD - [2010-11-23 00:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Raptr\_sqlite3.pyd MOD - [2010-11-23 00:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Raptr\_socket.pyd MOD - [2010-11-23 00:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Raptr\winsound.pyd [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-07-06 09:08:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2011-07-05 12:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2011-02-16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV:[b]64bit:[/b] - [2010-07-21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:[b]64bit:[/b] - [2009-11-18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012-07-14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-06-27 11:56:00 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-02-25 01:16:40 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify) SRV - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011-03-01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011-02-04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011-02-01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011-01-06 21:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011-01-06 21:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-12-28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010-11-09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012-06-07 10:45:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-04-04 19:07:17 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-10-01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2011-10-01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2011-10-01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2011-10-01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2011-08-03 20:38:13 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-08-03 20:38:13 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-07-14 01:06:32 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2011-07-06 09:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011-07-06 08:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011-04-16 12:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b]64bit:[/b] - [2011-04-16 12:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b]64bit:[/b] - [2011-03-05 09:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-02-15 21:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:[b]64bit:[/b] - [2011-02-10 16:50:22 | 002,717,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2011-02-09 18:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:[b]64bit:[/b] - [2011-01-06 21:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2011-01-06 21:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2011-01-06 21:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2011-01-06 21:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2011-01-06 21:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2011-01-06 21:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2011-01-06 21:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2010-12-21 02:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2010-11-30 02:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-02-18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:[b]64bit:[/b] - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009-06-10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com/ IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/ IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\SearchScopes,DefaultScope = {3056A50B-3067-4CD7-9908-0E483FEDFD36} IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\SearchScopes\{3056A50B-3067-4CD7-9908-0E483FEDFD36}: "URL" = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=353 IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\SearchScopes\{BB439682-007D-459C-BC68-FB6396279EFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262 IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Novi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-08-06 13:11:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-08-06 15:38:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9764bb84-7272-11dd-8eb6-20d155d89557}: C:\Users\Novi\AppData\Roaming\hideip_firefox_plugin\ [2012-04-14 12:45:18 | 000,000,000 | ---D | M] [2012-02-01 15:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Novi\AppData\Roaming\mozilla\Extensions [2012-08-06 15:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Novi\AppData\Roaming\mozilla\Firefox\Profiles\3se4voz7.default\extensions [2012-07-14 14:46:26 | 000,000,000 | ---D | M] (Youtube Video Replay) -- C:\Users\Novi\AppData\Roaming\mozilla\Firefox\Profiles\3se4voz7.default\extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076} [2012-08-06 13:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-02-12 17:04:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-07-14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-02-15 18:50:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-12-09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-07-14 03:22:43 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-07-14 03:22:43 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-07-14 03:22:43 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-07-14 03:22:43 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-07-14 03:22:43 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-07-14 03:22:43 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Novi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Novi\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Novi\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Novi\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Novi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Adblock Plus (Beta) = C:\Users\Novi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\Novi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenzura!\1.9.13_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\Novi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenzura!\1.9.14_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files (x86)\Common Files\Onet.pl\NewAutoUpdate.exe (Onet.pl) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify) O4 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001..\Run: [Facebook Update] C:\Users\Novi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc) O4 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A310FE-4CCB-499D-B5DB-E8B86952EA43}: NameServer = 194.204.159.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94103386-EE52-46BD-831B-5C2BF678F864}: NameServer = 194.204.159.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{634d1e9d-b078-11e1-a923-74de2bacb1de}\Shell - "" = AutoRun O33 - MountPoints2\{634d1e9d-b078-11e1-a923-74de2bacb1de}\Shell\AutoRun\command - "" = G:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-06 21:48:50 | 000,000,000 | ---D | C] -- C:\Users\Novi\AppData\Roaming\Malwarebytes [2012-08-06 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-08-06 21:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-08-06 21:48:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-08-06 21:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-08-06 13:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012-08-05 17:46:27 | 000,000,000 | ---D | C] -- C:\Users\Novi\Desktop\Nowy folder (2) [2012-08-05 16:53:30 | 000,000,000 | ---D | C] -- C:\Users\Novi\Desktop\Nowy folder [2012-08-05 15:59:52 | 000,000,000 | ---D | C] -- C:\Users\Novi\Desktop\WOODSTOCK [2012-07-26 17:59:49 | 000,000,000 | ---D | C] -- C:\Users\Novi\AppData\Roaming\DeepBurner [2012-07-26 17:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner [2012-07-26 17:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft [2012-07-19 14:08:00 | 000,000,000 | ---D | C] -- C:\Users\Novi\Desktop\na studia [2012-07-12 12:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule [2012-07-12 12:13:00 | 000,000,000 | ---D | C] -- C:\Users\Novi\AppData\Local\eMule [2012-07-12 12:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule [2012-07-12 12:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule [2012-07-12 12:01:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-07-12 12:01:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-07-12 12:01:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-07-12 12:01:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-07-12 12:01:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-07-12 12:01:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-07-12 12:00:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-07-12 12:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-07-12 12:00:56 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-07-12 12:00:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-07-12 12:00:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-07-12 12:00:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-07-12 12:00:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-07-11 10:27:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012-07-11 10:27:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012-07-11 10:27:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012-07-11 10:27:24 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012-07-11 10:27:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012-07-10 21:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2010-11-03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Novi\AppData\Roaming\MinecraftSP.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-08-08 14:05:24 | 001,551,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-08-08 14:05:24 | 000,698,356 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-08-08 14:05:24 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-08-08 14:05:24 | 000,135,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-08-08 14:05:24 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-08-08 12:35:05 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001UA.job [2012-08-08 12:35:05 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001Core.job [2012-08-08 10:40:54 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-08 10:40:54 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-08 10:32:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-08 10:32:28 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys [2012-08-07 22:55:47 | 373,253,083 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-08-07 21:34:46 | 000,099,372 | ---- | M] () -- C:\Users\Novi\Desktop\20120729196.jpg [2012-08-07 21:34:44 | 000,104,615 | ---- | M] () -- C:\Users\Novi\Desktop\20120729195.jpg [2012-08-07 21:34:42 | 000,103,056 | ---- | M] () -- C:\Users\Novi\Desktop\20120729193.jpg [2012-08-07 21:34:42 | 000,101,686 | ---- | M] () -- C:\Users\Novi\Desktop\20120729194.jpg [2012-08-06 21:48:38 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-08-06 13:11:48 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-08-05 16:54:29 | 074,954,741 | ---- | M] () -- C:\Users\Novi\Desktop\Nowy folder.rar [2012-08-05 15:11:32 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNOVI-HP$.job [2012-07-26 17:59:38 | 000,001,041 | ---- | M] () -- C:\Users\Novi\Desktop\DeepBurner.lnk [2012-07-19 12:58:18 | 001,201,805 | ---- | M] () -- C:\Users\Novi\Desktop\podanie3c.pdf [2012-07-19 12:57:39 | 000,126,831 | ---- | M] () -- C:\Users\Novi\Desktop\podanie121212.pdf [2012-07-19 12:57:27 | 000,062,458 | ---- | M] () -- C:\Users\Novi\Desktop\podanie2c.pdf [2012-07-19 12:57:21 | 000,431,560 | ---- | M] () -- C:\Users\Novi\Desktop\podanie1c.pdf [2012-07-19 12:52:49 | 001,201,805 | ---- | M] () -- C:\Users\Novi\Desktop\podanie3b.pdf [2012-07-19 12:52:40 | 000,062,458 | ---- | M] () -- C:\Users\Novi\Desktop\podanie2b.pdf [2012-07-19 12:52:32 | 000,431,560 | ---- | M] () -- C:\Users\Novi\Desktop\podanie1b.pdf [2012-07-19 12:40:07 | 001,201,805 | ---- | M] () -- C:\Users\Novi\Desktop\podanie3a.pdf [2012-07-19 12:39:45 | 000,062,458 | ---- | M] () -- C:\Users\Novi\Desktop\podanie2a.pdf [2012-07-19 12:39:18 | 000,431,555 | ---- | M] () -- C:\Users\Novi\Desktop\podanie1a.pdf [2012-07-19 12:27:06 | 001,201,805 | ---- | M] () -- C:\Users\Novi\Desktop\podanie3.pdf [2012-07-19 12:24:25 | 000,062,458 | ---- | M] () -- C:\Users\Novi\Desktop\podanie2.pdf [2012-07-19 12:23:52 | 000,431,556 | ---- | M] () -- C:\Users\Novi\Desktop\podanie.pdf [2012-07-19 00:45:01 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNovi.job [2012-07-18 14:30:56 | 000,046,385 | ---- | M] () -- C:\Users\Novi\Desktop\P7185124 236x295.jpg [2012-07-14 14:37:39 | 000,275,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-07-12 12:13:03 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-08-08 14:03:04 | 000,104,615 | ---- | C] () -- C:\Users\Novi\Desktop\20120729195.jpg [2012-08-08 14:03:04 | 000,103,056 | ---- | C] () -- C:\Users\Novi\Desktop\20120729193.jpg [2012-08-08 14:03:04 | 000,101,686 | ---- | C] () -- C:\Users\Novi\Desktop\20120729194.jpg [2012-08-08 14:03:04 | 000,099,372 | ---- | C] () -- C:\Users\Novi\Desktop\20120729196.jpg [2012-08-06 21:48:38 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-08-06 13:11:48 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-08-06 13:11:47 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012-08-05 16:53:45 | 074,954,741 | ---- | C] () -- C:\Users\Novi\Desktop\Nowy folder.rar [2012-07-26 17:59:38 | 000,001,041 | ---- | C] () -- C:\Users\Novi\Desktop\DeepBurner.lnk [2012-07-20 11:39:59 | 000,046,385 | ---- | C] () -- C:\Users\Novi\Desktop\P7185124 236x295.jpg [2012-07-19 12:58:18 | 001,201,805 | ---- | C] () -- C:\Users\Novi\Desktop\podanie3c.pdf [2012-07-19 12:57:39 | 000,126,831 | ---- | C] () -- C:\Users\Novi\Desktop\podanie121212.pdf [2012-07-19 12:57:27 | 000,062,458 | ---- | C] () -- C:\Users\Novi\Desktop\podanie2c.pdf [2012-07-19 12:57:20 | 000,431,560 | ---- | C] () -- C:\Users\Novi\Desktop\podanie1c.pdf [2012-07-19 12:52:48 | 001,201,805 | ---- | C] () -- C:\Users\Novi\Desktop\podanie3b.pdf [2012-07-19 12:52:40 | 000,062,458 | ---- | C] () -- C:\Users\Novi\Desktop\podanie2b.pdf [2012-07-19 12:52:32 | 000,431,560 | ---- | C] () -- C:\Users\Novi\Desktop\podanie1b.pdf [2012-07-19 12:40:06 | 001,201,805 | ---- | C] () -- C:\Users\Novi\Desktop\podanie3a.pdf [2012-07-19 12:39:44 | 000,062,458 | ---- | C] () -- C:\Users\Novi\Desktop\podanie2a.pdf [2012-07-19 12:39:18 | 000,431,555 | ---- | C] () -- C:\Users\Novi\Desktop\podanie1a.pdf [2012-07-19 12:27:05 | 001,201,805 | ---- | C] () -- C:\Users\Novi\Desktop\podanie3.pdf [2012-07-19 12:24:25 | 000,062,458 | ---- | C] () -- C:\Users\Novi\Desktop\podanie2.pdf [2012-07-19 12:23:51 | 000,431,556 | ---- | C] () -- C:\Users\Novi\Desktop\podanie.pdf [2012-07-12 12:13:03 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk [2012-07-11 18:11:31 | 000,038,253 | ---- | C] () -- C:\Users\Novi\Desktop\561210_368312289881877_100001093271424_1021516_796073522_n.jpg [2012-04-05 15:22:25 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini [2012-04-05 14:59:15 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI [2012-03-11 12:01:01 | 001,575,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-02-09 20:15:39 | 000,007,610 | ---- | C] () -- C:\Users\Novi\AppData\Local\Resmon.ResmonCfg [2012-02-01 17:21:38 | 000,093,671 | ---- | C] () -- C:\Users\Novi\AppData\Roaming\Uninstal.exe [2011-11-06 10:52:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-08-03 11:32:35 | 000,000,161 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2011-07-05 12:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011-03-18 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010-12-21 02:20:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [color=#E56717]========== LOP Check ==========[/color] [2012-07-22 20:08:13 | 000,000,000 | ---D | M] -- C:\Users\Danusia\AppData\Roaming\Synaptics [2012-06-06 15:44:56 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\.minecraft [2012-02-09 16:28:53 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\AutoUpdate [2012-06-07 11:26:19 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Azureus [2012-06-07 10:56:01 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\DAEMON Tools Lite [2012-07-26 18:40:54 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\DeepBurner [2012-02-29 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Free Sound Recorder [2012-02-01 17:25:24 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Gadu-Gadu 10 [2012-04-14 12:45:20 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Hide IP NG [2012-04-14 12:45:18 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\hideip_firefox_plugin [2012-06-26 15:20:34 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Kamerzysta [2012-02-19 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\NapiProjekt [2012-08-08 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Raptr [2012-07-11 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\SoftGrid Client [2012-01-31 15:31:55 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Synaptics [2012-04-18 16:30:45 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\Thinstall [2012-03-11 12:02:14 | 000,000,000 | ---D | M] -- C:\Users\Novi\AppData\Roaming\TP [2012-08-08 12:35:05 | 000,001,052 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001Core.job [2012-08-08 12:35:05 | 000,001,074 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001UA.job [2012-05-16 09:13:40 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > [code][/code]

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-08-08 14:50:47 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Novi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,60 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 62,17% Memory free 7,21 Gb Paging File | 5,48 Gb Available in Paging File | 76,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 226,19 Gb Total Space | 173,21 Gb Free Space | 76,58% Space Free | Partition Type: NTFS Drive D: | 15,19 Gb Total Space | 1,88 Gb Free Space | 12,36% Space Free | Partition Type: NTFS Drive F: | 224,08 Gb Total Space | 16,96 Gb Free Space | 7,57% Space Free | Partition Type: NTFS Computer Name: NOVI-HP | User Name: Novi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1523797889-172687695-3278824753-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2133BF79-8EC2-4351-9283-2FE49CBC11D3}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{283DEB22-1521-4AD9-AEE1-5C0B734A3661}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{584097A6-DC98-4CFD-A587-24AB344E20A4}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{6979A77E-9BA3-4AD9-9C5A-B51005B17B23}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "{6EA7FEFD-8058-45FD-BAF0-323176FC1C5A}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{7E5B85CD-3E24-47C9-81D2-4C91C7A2441E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{84421EC5-4220-4BED-B93E-36EFD3108CBB}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{8B982B52-8444-47F8-80B3-853F4F814C3D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8C3FEFCF-2D1E-4573-9734-FDB148D28356}" = lport=2869 | protocol=6 | dir=in | app=system | "{95FCE7B1-65B8-4176-8180-BAB5E0D44E04}" = rport=2869 | protocol=6 | dir=out | app=system | "{B12F856C-CE0D-4D4B-8FA7-2C4FF2D25B98}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{B2304ECA-7772-41AC-8B7D-4A0A9A773F83}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{F812184B-FAC0-472D-8AB8-A8E76A252335}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04817C95-003E-477E-94A7-ECBBADDDC5A9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{07C722D7-CEE7-4690-BFF1-C7505ED17E98}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | "{1260417E-9D4D-45A1-821C-4267FC1715DA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{1A60FBC7-379C-4DA9-9391-70144956FE2B}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{2F9B24F1-2137-4040-B4F8-AED3041BE033}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{388247BB-8939-4E7A-9AB7-F12E9C3290DE}" = dir=in | app=c:\users\novi\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{3A31E6D2-3951-49BC-8FF8-1CC91931C5CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\novi009\counter-strike\hl.exe | "{3D8369DF-763D-468E-A1B2-E08978EF9840}" = protocol=58 | dir=in | app=system | "{4469B51F-3018-4C3E-91BB-07B9987CA7D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4BC9021E-62CB-499E-9DDC-0940E7F06ADF}" = protocol=6 | dir=in | app=c:\quake iii arena\quake3\quake3.exe | "{4F450D56-4828-454F-81D7-EAFBDD942026}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{56EC5C48-A9E9-468C-A989-EA2238DED8D2}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | "{70232620-BCA2-4BF2-AF5E-998C93E7B7CC}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | "{755B517F-4E38-4FB6-A4F3-B224E8AE08A6}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | "{8C56864F-1A7F-4BBA-ABC8-29E17B9D5E01}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | "{93372049-02DE-439D-B690-4150C07F6B5D}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{93D2FF97-283C-4033-B2B3-41593D7289F7}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{95ECFDD8-889C-48CB-AC67-6FAC27972046}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | "{9760F011-348B-4A9C-BFA9-1AC80C380A27}" = protocol=17 | dir=in | app=c:\quake iii arena\quake3\quake3.exe | "{A4C51234-8EF5-449C-B552-E0D81DE83E4C}" = dir=out | app=c:\windows\system32\svchost.exe | "{B5739FC9-B7E9-4790-B471-D6F0A329E8D7}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{BB4467D8-E794-433C-AC3A-6B8B1651F818}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | "{C6722357-1219-4604-82D2-F3F1DECB53F8}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{D9AB3980-5BBF-41A5-BA5E-3547F04749B2}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | "{DD46335D-B7A4-4FB3-95FD-6F90BC48F996}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\novi009\counter-strike\hl.exe | "{E8C655B0-E342-4E72-BA27-FB50164D5678}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{ED7137B4-059B-4861-8F73-6E9980B34B04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{ED96DC52-E154-44FB-A9EE-312D139225BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F22DD1CF-18A7-4799-AB5C-95916301D8D0}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "{F41CD7F4-3207-4D98-8F6D-22B8447D6D9A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | "TCP Query User{0AA16663-A148-40B1-A556-B43EE6F7352F}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{1565EB44-EC2A-4F5F-95BA-E47E64D4FF61}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{1AEA5C2A-13AA-4724-A571-57212E6C4368}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{239A8A89-43B3-4A2B-9B29-FEDE4B109E68}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "TCP Query User{8E97375F-CAE5-4612-88AA-B0577FC6FDF9}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "TCP Query User{B9F15618-FCFD-44D2-A6C9-67379C207936}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "TCP Query User{D561B46C-27E9-4D9E-9765-C9AF517903F2}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "TCP Query User{E91B0211-55DB-498E-ADB5-5443F0616F71}C:\quake iii arena\quake3\quake3.exe" = protocol=6 | dir=in | app=c:\quake iii arena\quake3\quake3.exe | "UDP Query User{04F98897-B897-495C-A67E-F00173F9C267}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{0E301CB4-530F-41FE-A7C6-89CB04BECFA2}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "UDP Query User{42FBCF12-EF89-40B3-AA79-96BA83AEF126}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "UDP Query User{59F826D4-54DF-47BB-94D1-220D98F4CD16}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "UDP Query User{7503B068-6D71-491E-8666-D7EB2170A1B2}C:\quake iii arena\quake3\quake3.exe" = protocol=17 | dir=in | app=c:\quake iii arena\quake3\quake3.exe | "UDP Query User{7A58FBD0-C41B-4A3F-AB94-EBA8F9FA10A7}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{948A20B4-C80D-42AB-AF29-0926F235C150}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "UDP Query User{A622CC15-6071-448A-B231-082ACF76FA9D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96B1204B-B5D8-47D3-9817-9D0031FD3E03}" = HP Wireless Assistant "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Connectify" = Connectify "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display "{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German "{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English "{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}" = HP Documentation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian "{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish "{63738043-A663-4200-AE33-0923C98843C8}" = HP Software Framework "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8CA199A8-574E-432F-A98F-A55741E233D1}_is1" = 3GP Player 2010 "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0415-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean "{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant "{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common "{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech "{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard "{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All "{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian "{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86 "{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1 "{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2 "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AP Tuner 3.08" = AP Tuner 3.08 "DAEMON Tools Lite" = DAEMON Tools Lite "Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52 "eMule" = eMule "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook! "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Sound Recorder_is1" = Free Sound Recorder v9.3.1 "Gadu-Gadu 10" = Gadu-Gadu 10 "Hide IP NG_is1" = Hide IP NG 1.66 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Kamerzysta" = Kamerzysta (deinstalacja) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Minecraft 1.2.0_02" = Minecraft 1.2.0_02 "Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt (2.0.0.2151) "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "Orb" = Winamp Remote "PDF Complete" = PDF Complete Special Edition "Raptr" = Raptr "Softonic" = Softonic toolbar on IE "Steam App 10" = Counter-Strike "Stoper ver 1.2_is1" = Stoper 1.2 "Symulator Jazdy Samochodem 2006 PL_is1" = 1.6 "V9Software" = Deinstalator Strony V9 "WildTangent hp Master Uninstall" = HP Games "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-bit) "WT087328" = Blackhawk Striker 2 "WT087330" = Bounce Symphony "WT087335" = Build-a-lot 2 "WT087343" = Dora's World Adventure "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087536" = Diner Dash 2 Restaurant Rescue "WT089307" = Virtual Villagers 4 - The Tree of Life "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089457" = Slingo Supreme "WT089458" = Plants vs. Zombies - Game of the Year "WT089470" = FATE - The Traitor Soul "WT089484" = Namco All-Stars PAC-MAN "WT089496" = Mystery P.I. - Stolen in San Francisco "WT089498" = Bejeweled 3 "WT089504" = Final Drive Nitro [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1523797889-172687695-3278824753-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Save 100%" = Save 100% "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-21 04:04:52 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = Error - 2012-07-22 14:01:51 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = Error - 2012-07-22 14:58:35 | Computer Name = Novi-HP | Source = Windows Backup | ID = 4104 Description = Error - 2012-07-23 12:12:34 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = Error - 2012-07-24 05:32:43 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = Error - 2012-07-24 18:09:16 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = Error - 2012-07-25 04:05:07 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = Error - 2012-07-26 09:35:05 | Computer Name = Novi-HP | Source = Google Update | ID = 20 Description = Error - 2012-07-28 04:13:35 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = Error - 2012-07-29 07:29:35 | Computer Name = Novi-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 2012-02-22 14:55:34 | Computer Name = Novi-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021222075530.xml File not created by asset agent Error - 2012-02-29 14:36:06 | Computer Name = Novi-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021229073601.xml File not created by asset agent Error - 2012-04-04 13:23:26 | Computer Name = Novi-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041204072323.xml File not created by asset agent [ HP Wireless Assistant Events ] Error - 2012-05-22 14:44:32 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-06-07 04:15:28 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-06-08 01:41:23 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-06-13 17:27:07 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-06-18 05:13:19 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Wywołanie zostało anulowane przez filtr komunikatów. (Wyjątek od HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) w System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) w System.Management.ManagementScope.InitializeGuts(Object o) w System.Management.ManagementScope.Initialize() w System.Management.ManagementObjectSearcher.Initialize() w System.Management.ManagementObjectSearcher.Get() w HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) w HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) w System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() w System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-06-21 05:54:33 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-06-22 04:23:17 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-07-28 04:16:15 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-07-30 11:46:19 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 2012-08-06 09:32:48 | Computer Name = Novi-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 w HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) w HPPA_Service.CurrentConfiguration.ReloadRadioList() [ System Events ] Error - 2012-08-06 09:51:19 | Computer Name = Novi-HP | Source = Service Control Manager | ID = 7034 Description = Usługa Atheros Bt&Wlan Coex Agent niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-08-06 09:53:23 | Computer Name = Novi-HP | Source = DCOM | ID = 10010 Description = Error - 2012-08-06 14:50:27 | Computer Name = Novi-HP | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 18:40:18 na ?2012-?08-?06 było nieoczekiwane. Error - 2012-08-06 14:51:09 | Computer Name = Novi-HP | Source = BugCheck | ID = 1001 Description = Error - 2012-08-07 04:30:53 | Computer Name = Novi-HP | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 02:35:07 na ?2012-?08-?07 było nieoczekiwane. Error - 2012-08-07 04:31:11 | Computer Name = Novi-HP | Source = BugCheck | ID = 1001 Description = Error - 2012-08-07 07:04:04 | Computer Name = Novi-HP | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 12:55:46 na ?2012-?08-?07 było nieoczekiwane. Error - 2012-08-07 16:55:52 | Computer Name = Novi-HP | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 19:51:56 na ?2012-?08-?07 było nieoczekiwane. Error - 2012-08-07 16:56:10 | Computer Name = Novi-HP | Source = BugCheck | ID = 1001 Description = Error - 2012-08-07 18:56:52 | Computer Name = Novi-HP | Source = DCOM | ID = 10010 Description = < End of report >

**Posty:** 18165 · przez **wojtas** 08 Sie 2012, 18:33

odinstaluj : Softonic toolbar on IE, "V9Software" = Deinstalator Strony V9

więcej nic nie ma. to nie wina wirusów

Autor postu otrzymał pochwałę

**Posty:** 205 · przez **defacto19** 08 Sie 2012, 18:58

Prawdopodobnie jest to wina kiepskiego oprogramowania HP.

Drobne czyszczenie:

Uruchom OTL i w sekcji (Własne opcje skanowania/Skrypt) wklej:

:OTL
IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\SearchScopes\{3056A50B-3067-4CD7-9908-0E483FEDFD36}: "URL" = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=353
IE - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\SearchScopes\{BB439682-007D-459C-BC68-FB6396279EFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
O3 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files (x86)\Common Files\Onet.pl\NewAutoUpdate.exe (Onet.pl)
O4 - HKU\S-1-5-21-1523797889-172687695-3278824753-1001..\Run: [Facebook Update] C:\Users\Novi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O33 - MountPoints2\{634d1e9d-b078-11e1-a923-74de2bacb1de}\Shell - "" = AutoRun
O33 - MountPoints2\{634d1e9d-b078-11e1-a923-74de2bacb1de}\Shell\AutoRun\command - "" = G:\Install.exe
[2012-08-08 12:35:05 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001UA.job
[2012-08-08 12:35:05 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001Core.job
[2012-08-05 15:11:32 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNOVI-HP$.job
[2012-07-19 00:45:01 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNovi.job

:Commands
[emptytemp]

Kliknij wykonaj skrypt. Zatwierdź restart komputera. Zapisz raport, który powstanie po restarcie, i przedstaw go na forum.

Wykonaj jeszcze czysty rozruch -> http://support.microsoft.com/kb/331796/pl

**Posty:** 555 · przez **MarcepanowyPiesek** 09 Sie 2012, 11:35

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1523797889-172687695-3278824753-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. Registry key HKEY_USERS\S-1-5-21-1523797889-172687695-3278824753-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3056A50B-3067-4CD7-9908-0E483FEDFD36}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3056A50B-3067-4CD7-9908-0E483FEDFD36}\ not found. Registry key HKEY_USERS\S-1-5-21-1523797889-172687695-3278824753-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB439682-007D-459C-BC68-FB6396279EFB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB439682-007D-459C-BC68-FB6396279EFB}\ not found. Registry value HKEY_USERS\S-1-5-21-1523797889-172687695-3278824753-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Onet.pl AutoUpdate deleted successfully. C:\Program Files (x86)\Common Files\Onet.pl\NewAutoUpdate.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-1523797889-172687695-3278824753-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully. C:\Users\Novi\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{634d1e9d-b078-11e1-a923-74de2bacb1de}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{634d1e9d-b078-11e1-a923-74de2bacb1de}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{634d1e9d-b078-11e1-a923-74de2bacb1de}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{634d1e9d-b078-11e1-a923-74de2bacb1de}\ not found. File G:\Install.exe not found. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001UA.job moved successfully. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1523797889-172687695-3278824753-1001Core.job moved successfully. C:\Windows\Tasks\HPCeeScheduleForNOVI-HP$.job moved successfully. C:\Windows\Tasks\HPCeeScheduleForNovi.job moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Danusia ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Moje dokumenty User: Novi ->Temp folder emptied: 1179560 bytes ->Temporary Internet Files folder emptied: 376882 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 758043423 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3428 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1657 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes RecycleBin emptied: 15277406 bytes Total Files Cleaned = 739,00 mb OTL by OldTimer - Version 3.2.56.0 log created on 08092012_112317 Files\Folders moved on Reboot... C:\Users\Novi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Novi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...

**Posty:** 154 · przez **Darkman0** 09 Sie 2012, 12:15

Przypominam sobie, że miałem coś podobnego. W takiej sytuacji "uratował" mnie program ComboFix. Kilkanaście minut skanowania i komputer był jak nowy. Możesz spróbować.

**Posty:** 12734 · przez **Mikou@j** 09 Sie 2012, 12:30

Darkman0 napisał(a):Przypominam sobie, że miałem coś podobnego. W takiej sytuacji "uratował" mnie program ComboFix. Kilkanaście minut skanowania i komputer był jak nowy. Możesz spróbować.

Bez znajomości Combofixa, można sobie nieźle uwalić system, więc bez wyraźnego polecenia naszych ekspertów w tej dziedzinie, nie używa się tego narzędzia.

**Posty:** 205 · przez **defacto19** 09 Sie 2012, 13:13

Uruchom OTL, i użyj opcji sprzątanie, to go usunie razem, z jego kwarantanną.

Autor postu otrzymał pochwałę

**Posty:** 154 · przez **Darkman0** 09 Sie 2012, 13:22

Hmmm... Masz rację, powinienem był wspomnieć o kwestii bezpieczeństwa. Zdarza się, że po zastosowaniu Combofixa system w ogóle nie działa i pomaga tylko format. Ale są to sporadyczne przypadki. Kilku moich znajomych naprawdę bez żadnej znajomości komputera zastosowało ten program i wszyscy z nich są bardzo zadowoleni. Zresztą, można poczytać wiele komentarzy na jego temat.
Mimo to, MarcepanowyPiesek, stosuj się lepiej do zaleceń profesjonalistów, a nie moich.

**Posty:** 555 · przez **MarcepanowyPiesek** 09 Sie 2012, 14:01

czyli co, kombinowac jeszcze z Combo? Jest już lepiej ale nie ma porównania niestety z tym co było jeszcze przed 2 miesiącami...

EDIT.

+ dodatkowo nie wiem dlaczego ale zużycie RAMU i CPU jest cały czas w okolicach 40% (pomimo odpalonej wyłącznie przeglądarki)

Kto jest na forum