Usunięte pliki nie znikają, nie działają gniazda usb

**Posty:** 760 · przez **gulek** 23 Lut 2013, 13:35

Witam, jakieś dziadostwo wdało mi się w system, a ukazuje się to w taki sposób:
-jak usunę bądź przeniosę plik, folder z dowolnej lokalizacji to nadal jest widoczny dopóki nie odświeżę systemu;
-po uruchomieniu systemu nie działają mi wszystkie gniazda USB, bez różnicy czy podepnę myszkę czy pendrive. Muszę poczekać z 5 min i dopiero system załapuje;
-system długo się uruchamia;
Czyściłem system za pomocą CCleaner, combofixem i malwarebytes i nic nie znalazły.

Kod: Zaznacz wszystko: OTL logfile created on: 2013-02-23 12:19:05 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gulek\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,84 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 54,93% Memory free 7,68 Gb Paging File | 6,03 Gb Available in Paging File | 78,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 43,85 Gb Total Space | 8,96 Gb Free Space | 20,44% Space Free | Partition Type: NTFS Drive D: | 421,81 Gb Total Space | 57,15 Gb Free Space | 13,55% Space Free | Partition Type: NTFS Computer Name: GULEK-KOMPUTER | User Name: Gulek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-02-23 12:18:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gulek\Desktop\OTL.exe PRC - [2013-02-07 16:47:17 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-12-14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012-11-21 20:55:03 | 000,246,112 | ---- | M] () -- C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe PRC - [2012-10-09 16:36:33 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe PRC - [2012-10-09 16:36:33 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-03-02 08:59:26 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2012-03-02 08:59:24 | 001,106,512 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2012-03-02 08:59:24 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2012-03-02 08:59:24 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2012-02-19 18:41:40 | 000,072,864 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe PRC - [2012-02-08 03:03:36 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-02-08 03:03:34 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-02-08 03:03:16 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-01-27 10:40:46 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011-11-29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-06-22 09:53:36 | 000,245,760 | ---- | M] (Arcai.com) -- C:\Program Files (x86)\netcut\services\AIPS.exe PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-03-12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-03-16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-02-02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-02-17 21:08:05 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-12-14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012-11-21 20:55:03 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc) SRV - [2012-10-09 16:36:33 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-10-02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-09-06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012-03-02 08:59:24 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2012-02-20 11:26:32 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012-02-19 18:41:40 | 000,072,864 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2012-02-08 03:03:36 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-02-08 03:03:34 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-02-08 03:03:16 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2011-11-29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011-06-22 09:53:36 | 000,245,760 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files (x86)\netcut\services\AIPS.exe -- (AIPS) SRV - [2011-03-16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010-06-25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013-02-23 12:13:18 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2012-11-28 18:49:00 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:[b]64bit:[/b] - [2012-11-21 20:55:03 | 000,229,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:[b]64bit:[/b] - [2012-11-21 20:55:03 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2012-11-21 20:55:03 | 000,104,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2012-11-21 20:55:03 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2012-11-21 20:55:03 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:[b]64bit:[/b] - [2012-11-21 20:55:03 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:[b]64bit:[/b] - [2012-10-09 17:08:47 | 000,268,376 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:[b]64bit:[/b] - [2012-10-09 17:08:47 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:[b]64bit:[/b] - [2012-10-02 23:21:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-02-20 11:36:00 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2012-02-20 11:35:14 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2012-02-20 11:35:02 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2012-02-20 11:34:32 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2012-02-20 11:34:14 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2012-02-20 11:33:56 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2012-02-20 11:33:44 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:[b]64bit:[/b] - [2012-02-20 11:33:26 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2012-02-15 00:41:34 | 003,538,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2012-02-09 17:12:08 | 000,078,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:[b]64bit:[/b] - [2012-01-27 10:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012-01-27 10:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012-01-27 10:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012-01-18 23:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:[b]64bit:[/b] - [2011-11-29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011-11-10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2011-11-04 09:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:[b]64bit:[/b] - [2011-11-04 09:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:[b]64bit:[/b] - [2011-09-15 08:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:[b]64bit:[/b] - [2011-09-02 13:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2010-11-20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-07-15 08:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:[b]64bit:[/b] - [2010-07-15 08:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:[b]64bit:[/b] - [2010-06-25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:[b]64bit:[/b] - [2010-01-05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:[b]64bit:[/b] - [2009-11-11 14:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:[b]64bit:[/b] - [2009-09-03 15:24:28 | 000,030,736 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010-07-15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2010-07-15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=vlt2&from=vlt2&uid=TOSHIBA_MK5059GSXP_327DC5JFT__327DC5JFT&ts=1351961997 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=vlt2&from=vlt2&uid=TOSHIBA_MK5059GSXP_327DC5JFT__327DC5JFT&ts=1351961997 IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=40bbf6b900000000000000ff2a37ca1c IE - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=40bbf6b900000000000000ff2a37ca1c IE - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 IE - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=40bbf6b900000000000000ff2a37ca1c" FF - prefs.js..extensions.enabledAddons: {7473b6bd-4691-4744-a82b-7854eb3d70b6}:10.14.42.7 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-09 12:15:53 | 000,000,000 | ---D | M] [2012-10-15 11:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gulek\AppData\Roaming\mozilla\Extensions [2012-10-15 11:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gulek\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2013-02-23 12:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gulek\AppData\Roaming\mozilla\Firefox\Profiles\yrczfszm.default\extensions [2013-02-14 00:25:57 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Gulek\AppData\Roaming\mozilla\Firefox\Profiles\yrczfszm.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013-02-15 23:06:43 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Gulek\AppData\Roaming\mozilla\Firefox\Profiles\yrczfszm.default\extensions\511eab6e594c6@511eab6e594ff.com [2013-02-13 16:47:15 | 000,001,294 | ---- | M] () -- C:\Users\Gulek\AppData\Roaming\mozilla\firefox\profiles\yrczfszm.default\searchplugins\delta.xml [2012-10-23 21:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-10-23 21:27:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-09-06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-09-06 03:57:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2013-02-13 16:47:08 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012-09-06 03:57:10 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-09-06 03:57:10 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-09-06 03:57:10 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-09-06 03:57:10 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-09-06 03:57:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml Hosts file not found O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O3:[b]64bit:[/b] - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-3975468322-251742566-1469249144-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3975468322-251742566-1469249144-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3975468322-251742566-1469249144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3975468322-251742566-1469249144-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm () O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O9:[b]64bit:[/b] - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\scieplgn.dll (Kaspersky Lab) O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{157B0883-0269-4F6E-93F3-CC475EC34C0F}: NameServer = 89.108.202.21 89.108.195.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B73F06DB-3728-44FC-BEB3-46B945622E5C}: DhcpNameServer = 89.108.195.20 89.108.202.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B73F06DB-3728-44FC-BEB3-46B945622E5C}: NameServer = 89.108.195.20 89.108.202.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDF5ECEF-3CA6-4D18-90BD-CB9DEFBCFCB8}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20CC17A-2E3D-4D5D-8B67-5DF89878EEDF}: DhcpNameServer = 194.204.159.1 194.204.152.34 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\kloehk.dll (Kaspersky Lab ZAO) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll) - c:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (c:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll) - c:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll (Kaspersky Lab ZAO) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-02-23 12:17:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gulek\Desktop\OTL.exe [2013-02-23 12:13:18 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2013-02-23 12:12:25 | 000,797,784 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Gulek\Desktop\SPTDinst-v183-x64.exe [2013-02-19 10:28:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013-02-19 10:18:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013-02-19 10:17:29 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Gulek\Desktop\ComboFix.exe [2013-02-19 09:06:35 | 000,000,000 | ---D | C] -- C:\Users\Gulek\AppData\Roaming\Malwarebytes [2013-02-19 09:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013-02-15 23:00:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013-02-15 22:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013-02-15 22:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save [2013-02-15 22:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013-02-15 22:06:03 | 000,316,640 | ---- | C] (RightClick) -- C:\Users\Gulek\Desktop\Monster Energy Windows 7 Theme.exe [2013-02-13 22:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Essential Data Tools [2013-02-13 21:43:16 | 000,000,000 | ---D | C] -- C:\Users\Gulek\Desktop\alka [2013-02-13 21:33:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2013-02-13 21:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Image Recovery [2013-02-13 21:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Image Recovery [2013-02-13 20:52:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-02-13 20:52:10 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-02-13 20:52:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-02-13 20:51:49 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-02-13 20:51:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-02-13 20:51:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-02-13 20:51:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-02-13 20:51:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-02-13 20:51:47 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-02-13 20:51:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-02-13 20:51:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013-02-13 20:51:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-02-13 20:51:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-02-13 20:51:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-02-13 20:51:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-02-13 20:51:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-02-13 20:51:31 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013-02-13 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\Gulek\Local Settings [2013-02-13 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\Gulek\AppData\Roaming\TeraCopy [2013-02-13 16:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2013-02-13 16:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy [2013-02-13 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Gulek\AppData\Roaming\Babylon [2013-02-13 16:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013-02-12 14:49:20 | 000,000,000 | ---D | C] -- C:\Users\Gulek\Documents\Ubisoft [2013-02-12 14:34:43 | 000,000,000 | -H-D | C] -- C:\Users\Gulek\InstallAnywhere [2013-02-09 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Gulek\Desktop\dokumentydozatrudnienia [2013-01-31 08:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm [2013-01-31 08:33:10 | 000,000,000 | ---D | C] -- C:\Users\Gulek\AppData\Roaming\TeamViewer [2013-01-30 17:44:04 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys [2013-01-30 17:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-02-23 12:20:44 | 000,050,477 | ---- | M] () -- C:\Users\Gulek\Desktop\Defogger - użyć przed combofixem jak jest deamon.exe [2013-02-23 12:18:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gulek\Desktop\OTL.exe [2013-02-23 12:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-02-23 12:14:44 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys [2013-02-23 12:13:18 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2013-02-23 12:12:25 | 000,797,784 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Gulek\Desktop\SPTDinst-v183-x64.exe [2013-02-23 12:01:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-02-22 21:00:57 | 001,672,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-02-22 21:00:57 | 000,741,540 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-02-22 21:00:57 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-02-22 21:00:57 | 000,156,104 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-02-22 21:00:57 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-02-19 10:16:52 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Gulek\Desktop\ComboFix.exe [2013-02-17 21:08:05 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-02-17 21:08:05 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-02-16 11:47:51 | 001,647,506 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-02-16 04:14:19 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-02-16 04:14:19 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-02-15 22:06:03 | 000,316,640 | ---- | M] (RightClick) -- C:\Users\Gulek\Desktop\Monster Energy Windows 7 Theme.exe [2013-02-14 07:02:27 | 000,417,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-02-23 12:20:44 | 000,050,477 | ---- | C] () -- C:\Users\Gulek\Desktop\Defogger - użyć przed combofixem jak jest deamon.exe [2013-01-30 17:44:06 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2012-12-26 15:12:29 | 001,647,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-12-04 12:51:59 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012-12-04 12:51:59 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012-12-04 12:51:58 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012-12-04 12:51:58 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012-12-04 12:51:58 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012-10-28 11:53:39 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2012-10-25 08:12:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-10-25 08:12:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-10-25 08:12:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-10-25 08:12:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-10-25 08:12:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-10-09 16:37:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012-10-09 16:37:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012-10-09 12:18:19 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012-10-09 12:17:54 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012-10-09 12:17:54 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012-10-09 12:17:52 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012-10-09 11:35:10 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012-03-19 22:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012-02-02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2006-09-16 16:14:32 | 001,880,140 | ---- | C] () -- C:\Program Files (x86)\Anti NetCut.CAB [2006-09-16 16:14:27 | 000,003,808 | ---- | C] () -- C:\Program Files (x86)\SETUP.LST [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-02-13 16:47:00 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\Babylon [2012-11-05 05:17:43 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\BESTplayer [2013-02-19 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\DAEMON Tools Lite [2012-11-22 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\EurekaLog [2013-02-23 12:14:06 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\foobar2000 [2012-10-11 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\NapiProjekt [2012-10-08 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\Opera [2013-01-09 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\PDF Writer [2012-10-15 11:27:59 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\Philips-Songbird [2013-01-31 09:28:34 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\TeamViewer [2013-02-13 22:00:33 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\TeraCopy [2013-02-23 12:28:50 | 000,000,000 | ---D | M] -- C:\Users\Gulek\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2013-02-23 12:19:58 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gulek\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,84 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 54,93% Memory free 7,68 Gb Paging File | 6,03 Gb Available in Paging File | 78,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 43,85 Gb Total Space | 8,96 Gb Free Space | 20,44% Space Free | Partition Type: NTFS Drive D: | 421,81 Gb Total Space | 57,15 Gb Free Space | 13,55% Space Free | Partition Type: NTFS Computer Name: GULEK-KOMPUTER | User Name: Gulek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FD4BFD4-4E71-4B9D-BBAE-0C37E2BA0194}" = rport=445 | protocol=6 | dir=out | app=system | "{1778A362-7387-4F42-B136-7DD2982D5A82}" = lport=137 | protocol=17 | dir=in | app=system | "{270FF8CF-0C1C-4BB4-811E-7ED7C1B92442}" = rport=139 | protocol=6 | dir=out | app=system | "{359BC958-9E61-4555-B58F-5F0AB13602AD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{38590AD6-43F3-4B7E-8224-67A113EE1E86}" = rport=138 | protocol=17 | dir=out | app=system | "{4AF1FD66-953C-42E6-BCCF-BDDB4C2CC846}" = lport=138 | protocol=17 | dir=in | app=system | "{4DFFB724-B2C7-4AEA-8E18-4FF99FB6AF73}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{522EC0AB-68E8-49C7-91D6-7773BF8E9469}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{63C5A38E-A92B-4040-9F7B-CE9156C33129}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6990FCCB-EF64-476B-B179-5BDF6229DB43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7E0BEEDB-1BE8-4E23-AD55-E23BD14F08A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8D6EA41E-462C-4E2F-BA89-BB1EA286E056}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8FD47182-80E4-4379-81BF-7E9DC8DFEDBB}" = lport=139 | protocol=6 | dir=in | app=system | "{A50288AF-93AF-4B18-9F56-6B7AD98C596F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A7F64682-399A-49D3-95F2-344CAF4ABAB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B9960487-048F-4BAD-84D3-8E8FF6761C92}" = rport=137 | protocol=17 | dir=out | app=system | "{CB39B599-8E92-49E1-8334-3A2152741DE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D0E7DD9C-74D9-452A-9346-405019604BA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DBAA7731-6229-488D-88DF-91BD261CF4C3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DBDBA313-EEE2-4A98-B459-0DCF86C40468}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DE46C358-C19A-430E-B2CE-7A033E71B1C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5A1F645-B603-4473-9A1F-D2788FEF67AC}" = lport=445 | protocol=6 | dir=in | app=system | "{F9481E29-AA6F-454C-93A2-E31CFC75CAD1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D1D266-A356-445B-A9D2-4C894CF6B597}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{07ED325A-1A3F-425D-A56E-588744027104}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{10C6580D-E662-415C-BEB5-84EEAFF9F194}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{15F9015B-9027-44A5-BE27-F7DB8268562C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{184BE74A-FD6A-4634-9666-531FFEA92C35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1E4661E2-F07F-4396-AA44-B0864B3321C5}" = dir=in | app=d:\batman\binaries\win32\batmanac.exe | "{38549C75-79CD-4CE2-8278-549A8F12C155}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3E7D6AC9-5BF4-4076-B4EE-D7E87D7BC021}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{5DB24AB8-5401-4B29-8561-E5456505B711}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{66CB7085-6547-4864-BD54-4F893E1FCF10}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6FC5C235-93FB-40BD-ACEC-C9F73B111065}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7249B4AB-B526-4815-A7B5-176B78A54A8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A6242ADC-7335-4DC6-BC18-F1E0071469D4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{A980FB3D-E0BD-46F8-AEFC-BBF115E9E507}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{B4427F69-197D-4475-A327-5F1C2C6631B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BB2FD8B5-2485-4F1A-A8BE-EEF03E2029D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BB9A2890-FCD8-438C-90A0-FCF0A4C30E8A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{BC572AC2-1B74-4971-829C-E341B45A935E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{D53169EB-6A12-4FAB-945F-A4BB019C8F70}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D79CA674-6F67-4FF5-BDAA-85ADB0CD8D4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D81F647F-579A-4638-B3CA-64C19D4D2543}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DED4AD23-F68C-482F-ACC7-E3F1D4F6B18C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{E445A888-2A3E-415C-B662-A179DAF040E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F6B85793-A87D-4BA9-8684-51AA74C8581F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F9E0E68C-3520-4833-BB48-BECFBFD46A5E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FC13C680-F58E-4542-A57A-F73D93D735F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{FC6FD3A0-2761-449B-8F6C-758DA2709445}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2010 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "TeraCopy_is1" = TeraCopy 2.27 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{57520FA0-DF38-46A1-8046-3B1000008500}" = Batman: Arkham City™ GOTY "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0015-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROPLUS_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{0844B6E1-0A6F-4D81-8BCF-48F883F521FE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6606F321-8216-466E-981E-B75A14C46894}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6AF8887A-72F7-4FA0-ABE4-396172B64550}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AQQ" = WapSter AQQ "Astroburn Lite" = Astroburn Lite "bi_uninstaller" = Bundled software uninstaller "Borderlands 2_is1" = Borderlands 2 "Digital Image Recovery_is1" = Digital Image Recovery 1.47 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition "foobar2000" = foobar2000 v1.1.15 "GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}" = Batman: Arkham City™ GOTY "HD Tune Pro_is1" = HD Tune Pro 3.00 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full) "LastFM_is1" = Last.fm Scrobbler 2.1.33 "LManager" = Launch Manager "Mozilla Firefox 15.0.1 (x86 pl)" = Mozilla Firefox 15.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt (2.1.0.2287) "NetCut_is1" = NetCut 2.1.1 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.14.1738" = Opera 12.14 "Picasa 3" = Picasa 3 "PLAY ONLINE" = PLAY ONLINE "RealAlt_is1" = Real Alternative 2.0.2 "Rockstar Games Social Club" = Rockstar Games Social Club "TeamViewer 8" = TeamViewer 8 "TMM70" = TELL ME MORE "Uplay" = Uplay "uTorrent" = µTorrent "uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3975468322-251742566-1469249144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-02-21 16:52:11 | Computer Name = Gulek-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-22 06:00:08 | Computer Name = Gulek-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-22 09:13:40 | Computer Name = Gulek-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-22 15:56:25 | Computer Name = Gulek-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-22 16:48:45 | Computer Name = Gulek-Komputer | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2013-02-22 16:48:57 | Computer Name = Gulek-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\Last.fm\ext_messengernotify.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2013-02-22 16:48:57 | Computer Name = Gulek-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\Last.fm\ext_skypenotify.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2013-02-23 06:59:57 | Computer Name = Gulek-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-23 07:12:55 | Computer Name = Gulek-Komputer | Source = VSS | ID = 8194 Description = Error - 2013-02-23 07:15:31 | Computer Name = Gulek-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. [ System Events ] Error - 2013-02-10 04:04:16 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-02-10 04:04:18 | Computer Name = Gulek-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY ONLINE. OUC. Error - 2013-02-10 04:04:18 | Computer Name = Gulek-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego błędu: %%1053 Error - 2013-02-10 04:04:26 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-02-10 04:04:41 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-02-10 04:04:41 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-02-10 04:04:41 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-02-10 04:04:41 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-02-10 04:04:42 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-02-10 04:04:49 | Computer Name = Gulek-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. < End of report >

**Posty:** 4765 · przez **ordynat** 23 Lut 2013, 15:56

Nie widzę tu żadnej infekcji.

Skoro masz uszkodzony System, to zrób zwykłe "Przywracanie Systemu" do jakiegoś punktu przywracania, gdy wszystko jeszcze było OK.

Potem:
Masz trochę sponsorskich śmieci, więc:
Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim Usuń
Pokaż raport z niego C:\AdwCleaner[S1].txt
.

**Posty:** 760 · przez **gulek** 23 Lut 2013, 16:03

ordynat napisał(a):Nie widzę tu żadnej infekcji.
Pokaż raport z niego C:\AdwCleaner[S1].txt
.

Kod: Zaznacz wszystko: # AdwCleaner v2.112 - Log utworzony 23/02/2013 o 15:00:44 # Aktualizacja 10/02/2013 przez Xplode # System operacyjny : Windows 7 Ultimate Service Pack 1 (64 bits) # Użytkownik : Gulek - GULEK-KOMPUTER # Tryb uruchomienia : Normalny # Ścieżka : C:\Users\Gulek\Desktop\adwcleaner0.exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Folder Usunięto : C:\Program Files (x86)\Conduit Folder Usunięto : C:\Program Files (x86)\DAEMON Tools Toolbar Folder Usunięto : C:\Program Files (x86)\uTorrentControl_v2 Folder Usunięto : C:\ProgramData\Babylon Folder Usunięto : C:\ProgramData\Browse2save Folder Usunięto : C:\ProgramData\InstallMate Folder Usunięto : C:\Users\Gulek\AppData\Local\Conduit Folder Usunięto : C:\Users\Gulek\AppData\LocalLow\Conduit Folder Usunięto : C:\Users\Gulek\AppData\LocalLow\uTorrentControl_v2 Folder Usunięto : C:\Users\Gulek\AppData\Roaming\Babylon Folder Usunięto : C:\Users\Gulek\AppData\Roaming\Mozilla\Firefox\Profiles\yrczfszm.default\CT3220468 Folder Usunięto : C:\Users\Gulek\AppData\Roaming\Mozilla\Firefox\Profiles\yrczfszm.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} Folder Usunięto : C:\Users\Gulek\AppData\Roaming\Mozilla\Firefox\Profiles\yrczfszm.default\extensions\511eab6e594c6@511eab6e594ff.com Folder Usunięto : C:\Users\Gulek\AppData\Roaming\Mozilla\Firefox\Profiles\yrczfszm.default\Smartbar Plik Usunięto : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Plik Usunięto : C:\Users\Gulek\AppData\Roaming\Mozilla\Firefox\Profiles\yrczfszm.default\searchplugins\delta.xml ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\AppDataLow\Software\Conduit Klucz Usunięto : HKCU\Software\AppDataLow\Software\SmartBar Klucz Usunięto : HKCU\Software\AppDataLow\Software\uTorrentControl_v2 Klucz Usunięto : HKCU\Software\AppDataLow\SProtector Klucz Usunięto : HKCU\Software\AppDataLow\Toolbar Klucz Usunięto : HKCU\Software\Conduit Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Klucz Usunięto : HKLM\Software\Babylon Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Klucz Usunięto : HKLM\Software\Conduit Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Klucz Usunięto : HKLM\Software\SProtector Klucz Usunięto : HKLM\Software\uTorrentControl_v2 Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFE599EC-4176-4A31-B8D6-5CCC762261F4} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E149E48D-E4F7-4978-BF50-3875D7224CF7} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Wartość Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v8.0.7601.17514 Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=40bbf6b900000000000000ff2a37ca1c --> hxxp://www.google.com Podmieniono : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=vlt2&from=vlt2&uid=TOSHIBA_MK5059GSXP_327DC5JFT__327DC5JFT&ts=1351961997 --> hxxp://www.google.com Podmieniono : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.v9.com/?utm_source=b&utm_medium=vlt2&from=vlt2&uid=TOSHIBA_MK5059GSXP_327DC5JFT__327DC5JFT&ts=1351961997 --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (pl) Plik : C:\Users\Gulek\AppData\Roaming\Mozilla\Firefox\Profiles\yrczfszm.default\prefs.js C:\Users\Gulek\AppData\Roaming\Mozilla\Firefox\Profiles\yrczfszm.default\user.js ... Usunięto ! Usunięto : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2MDg4MTY4OCwidXVpZCI6NzE4Nzg5NzM2OTE3Njc2LCJ[...] Usunięto : user_pref("CT3220468.CBOpenMAMSettings", "0"); Usunięto : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Usunięto : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Usunięto : user_pref("CT3220468.FirstTime", "true"); Usunięto : user_pref("CT3220468.FirstTimeFF3", "true"); Usunięto : user_pref("CT3220468.LoginRevertSettingsEnabled", true); Usunięto : user_pref("CT3220468.RevertSettingsEnabled", true); Usunięto : user_pref("CT3220468.UserID", "UN11270723324479082"); Usunięto : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true"); Usunięto : user_pref("CT3220468.autoDisableScopes", -1); Usunięto : user_pref("CT3220468.cb_experience_000", "1"); Usunięto : user_pref("CT3220468.cbcountry_001", "PL"); Usunięto : user_pref("CT3220468.cbfirsttime.enc", "RnJpIE9jdCAxMiAyMDEyIDIyOjA3OjMyIEdNVCswMjAw"); Usunięto : user_pref("CT3220468.defaultSearch", "FALSE"); Usunięto : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...] Usunięto : user_pref("CT3220468.enableAlerts", "always"); Usunięto : user_pref("CT3220468.enableFix404ByUser", "FALSE"); Usunięto : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE"); Usunięto : user_pref("CT3220468.firstTimeDialogOpened", "true"); Usunięto : user_pref("CT3220468.fixPageNotFoundError", "true"); Usunięto : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true"); Usunięto : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true"); Usunięto : user_pref("CT3220468.fixUrls", true); Usunięto : user_pref("CT3220468.installId", "fft7D7E.tmp.exe"); Usunięto : user_pref("CT3220468.installType", "XPE"); Usunięto : user_pref("CT3220468.isCheckedStartAsHidden", true); Usunięto : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Usunięto : user_pref("CT3220468.isFirstTimeToolbarLoading", "false"); Usunięto : user_pref("CT3220468.isNewTabEnabled", true); Usunięto : user_pref("CT3220468.isPerformedSmartBarTransition", "true"); Usunięto : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Usunięto : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Usunięto : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...] Usunięto : user_pref("CT3220468.lastVersion", "10.14.42.7"); Usunięto : user_pref("CT3220468.migrateAppsAndComponents", true); Usunięto : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...] Usunięto : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Usunięto : user_pref("CT3220468.openThankYouPage", "true"); Usunięto : user_pref("CT3220468.openUninstallPage", "FALSE"); Usunięto : user_pref("CT3220468.search.searchAppId", "129813684258939747"); Usunięto : user_pref("CT3220468.search.searchCount", "0"); Usunięto : user_pref("CT3220468.searchInNewTabEnabledByUser", "true"); Usunięto : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true"); Usunięto : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Usunięto : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Usunięto : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Usunięto : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Usunięto : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Usunięto : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Usunięto : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Usunięto : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1360795519375"); Usunięto : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1360966128007"); Usunięto : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1360795519229"); Usunięto : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1360795398650"); Usunięto : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360966128039"); Usunięto : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1360795519315"); Usunięto : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1360881798876"); Usunięto : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1360881798709"); Usunięto : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1360795519277"); Usunięto : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1360966128027"); Usunięto : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1360881799769"); Usunięto : user_pref("CT3220468.settingsINI", true); Usunięto : user_pref("CT3220468.shouldFirstTimeDialog", "false"); Usunięto : user_pref("CT3220468.smartbar.CTID", "CT3220468"); Usunięto : user_pref("CT3220468.smartbar.Uninstall", "0"); Usunięto : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); Usunięto : user_pref("CT3220468.toolbarBornServerTime", "12-10-2012"); Usunięto : user_pref("CT3220468.toolbarCurrentServerTime", "16-2-2013"); Usunięto : user_pref("CT3220468.upgradeFromClearSBVersion", true); Usunięto : user_pref("CT3220468.url_history0001", "hxxp://www.facebook.com/pokes#:::clickhandler:::136079558619[...] Usunięto : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Usunięto : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId[...] Usunięto : user_pref("extensions.BabylonToolbar_i.newTab", true); Usunięto : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc[...] Usunięto : user_pref("smartbar.machineId", "ZGTERLRP0PIBTFCPPJMHWDBWXFAEQRVY6G6NVWXCHJALV6V64AZGBP1DOMN2T3I2HS9[...] -\\ Opera v12.14.1738.0 Plik : C:\Users\Gulek\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Plik w porządku. ************************* AdwCleaner[S1].txt - [12873 octets] - [23/02/2013 15:00:44] ########## EOF - C:\AdwCleaner[S1].txt - [12934 octets] ##########

**Posty:** 4765 · przez **ordynat** 23 Lut 2013, 16:43

W Adw-Cleaner kliknij na przycisk Odinstaluj
.

**Posty:** 760 · przez **gulek** 24 Lut 2013, 15:36

Może jakieś pomysły, ponieważ nadal mam te problemy, a punktu przywracania nie mam...