Blank tab replaced in FF + check

Post by AragornXT 12 Mar 2013, 15:51

Hello,
after installing IrfanView, some adware got onto my system; I would appreciate a check:
OTL:
Code:
OTL logfile created on: 2013-03-12 14:32:40 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = J:\Pobierane
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,91 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 58,54% Memory free
7,82 Gb Paging File | 5,93 Gb Available in Paging File | 75,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,57 Gb Total Space | 5,61 Gb Free Space | 9,58% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 24,64 Gb Free Space | 49,27% Space Free | Partition Type: NTFS
Drive F: | 696,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 8,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 100,00 Gb Total Space | 80,16 Gb Free Space | 80,16% Space Free | Partition Type: NTFS
Drive K: | 100,00 Gb Total Space | 80,82 Gb Free Space | 80,82% Space Free | Partition Type: NTFS
Drive L: | 157,19 Gb Total Space | 123,60 Gb Free Space | 78,63% Space Free | Partition Type: NTFS

Computer Name: ALEX-KOMPUTER | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-03-12 14:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- J:\Pobierane\OTL.exe
PRC - [2013-03-12 12:36:42 | 000,402,000 | ---- | M] (337 Technology Limited.) -- C:\Program Files (x86)\Desk 365\deskSvc.exe
PRC - [2013-03-08 12:29:27 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-02-27 20:22:19 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013-02-08 14:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013-01-20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012-08-08 23:28:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-06-22 09:32:12 | 000,625,816 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012-05-02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-04-12 04:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011-06-24 12:52:26 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\S-Bar\MSIService.exe
PRC - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-04-08 07:01:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011-02-02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2009-08-27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009-07-24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-03-08 12:29:27 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-02-27 20:22:19 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-05-12 19:38:40 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-03-12 12:36:42 | 000,402,000 | ---- | M] (337 Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\Desk 365\deskSvc.exe -- (desksvc)
SRV - [2013-03-08 12:29:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-27 20:22:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-06-22 09:32:12 | 000,625,816 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012-05-02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-04-12 04:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011-07-13 16:27:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011-06-24 12:52:26 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-08 07:01:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011-02-02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-08-27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009-07-24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-08-07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007-05-31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-07-04 00:11:52 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012-05-02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012-04-27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012-04-24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2012-02-24 10:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:[b]64bit:[/b] - [2012-02-24 10:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012-02-24 10:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2012-02-17 22:24:47 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:[b]64bit:[/b] - [2012-02-17 22:24:19 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2012-02-17 22:24:19 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:02 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:02 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:02 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:00 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:[b]64bit:[/b] - [2011-08-16 16:17:46 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2011-07-13 00:34:18 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:[b]64bit:[/b] - [2011-07-13 00:27:49 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011-07-13 00:27:27 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011-06-10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2011-04-08 07:01:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2011-03-15 17:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:[b]64bit:[/b] - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010-07-27 08:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2010-04-03 09:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:[b]64bit:[/b] - [2009-10-05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:[b]64bit:[/b] - [2008-05-16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{776D17D3-1DA0-4981-AE90-A01FDEF5D2A3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.22find.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088171
IE - HKCU\..\SearchScopes\{776D17D3-1DA0-4981-AE90-A01FDEF5D2A3}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C684C3E1-F65D-4812-B21E-0B0399A20085}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=3B10071F-C6C5-4BD9-8E62-B966677D959C&apn_sauid=354EBFFF-CE6D-43E0-ADBD-FC13BE370156
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "22find"
FF - prefs.js..browser.search.order.1: "22find"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=128"
FF - prefs.js..extensions.enabledAddons: pagerank%40any-tech.ws:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B7C9AE782-DB21-4e40-81FB-AD8A53A6233A%7D:1.83
FF - prefs.js..extensions.enabledAddons: %7Bc2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: J:\Programy\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-08 12:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-03-08 12:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012-05-12 14:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\eran@whoislive.com: C:\Users\alex\AppData\Local\Temp\whoislive.xpi [2013-01-31 03:14:26 | 000,152,662 | ---- | M] ()

[2011-07-13 00:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions
[2013-03-12 12:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\y61ym9mu.default\extensions
[2013-02-18 23:54:04 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\y61ym9mu.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013-03-03 00:00:29 | 000,187,274 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi
[2012-07-30 23:36:34 | 000,022,179 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\pagerank@any-tech.ws.xpi
[2012-10-27 00:08:57 | 000,039,447 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\seotoolbar@seo-sem.com.xpi
[2013-03-12 12:36:09 | 000,002,127 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
[2012-09-24 10:32:43 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012-10-26 23:43:11 | 000,015,459 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi
[2012-09-29 12:00:01 | 000,003,170 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi
[2013-02-14 23:54:06 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-02-26 17:33:06 | 000,002,308 | ---- | M] () -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\searchplugins\askcom.xml
[2012-10-26 23:56:25 | 000,005,306 | ---- | M] () -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\searchplugins\whois-ip-address.xml
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-03-08 12:29:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-03-12 12:36:11 | 000,000,758 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\22find.xml
[2013-02-20 00:50:33 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-20 00:50:33 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-20 00:50:33 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-20 00:50:33 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-20 00:50:33 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-20 00:50:33 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088131
CHR - Extension: No name found = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdkkghemjaackpnodiacedfadojaboh\4.1_0\
CHR - Extension: No name found = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CheckRun22find_uninstaller] C:\Users\alex\AppData\Roaming\CheckRun22find.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] J:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\PLAY Web partner\PLAY Web partner File not found
O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4002A4-6818-4AB8-B1C2-9FA4C614123A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62887F83-B3E4-4857-B11E-2B113B320294}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93CDC04E-BBDE-4361-93DD-313BC8C1CC95}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-02-12 17:13:38 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011-03-18 08:27:22 | 000,148,320 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009-09-27 03:46:52 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012-05-12 19:21:22 | 000,000,000 | ---D | M] - L:\AutoCadx64 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-03-12 12:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013-03-12 12:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
[2013-03-12 12:36:42 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Desk 365
[2013-03-12 12:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desk 365
[2013-03-12 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\IrfanView
[2013-03-12 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\eDownload
[2013-03-12 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\XnView
[2013-03-12 12:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2013-03-12 12:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2013-03-11 01:38:53 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\Oryginały
[2013-03-09 21:54:48 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-03-09 21:54:37 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-03-08 12:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-03-07 10:26:04 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-03-07 10:26:04 | 000,422,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys
[2013-03-07 10:26:04 | 000,223,744 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013-03-07 10:26:04 | 000,223,232 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-03-07 10:26:04 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013-03-07 10:26:04 | 000,098,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013-03-07 10:26:04 | 000,087,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013-03-07 10:26:04 | 000,072,192 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013-03-07 10:26:04 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-03-07 10:26:04 | 000,028,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013-03-07 10:26:04 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
[2013-03-07 10:26:04 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-03-04 13:53:41 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\FastStone
[2013-03-02 19:56:59 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\TeamViewer
[2013-02-27 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\alex\Documents\SimCity 4
[2013-02-27 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimCity 4
[2013-02-27 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 4
[2013-02-27 20:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimCity 4
[2013-02-26 19:58:51 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\GHISLER
[2013-02-26 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013-02-26 17:33:00 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\APN
[2013-02-18 18:35:50 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\Teksty synonimizowane
[2013-02-16 15:27:07 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013-02-10 19:56:01 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\ZAPLECZE

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-03-12 14:21:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-12 14:20:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-12 12:36:07 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013-03-12 12:36:07 | 000,001,382 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-03-12 12:36:02 | 000,002,499 | ---- | M] () -- C:\Users\alex\Desktop\Google Chrome.lnk
[2013-03-12 12:19:03 | 000,001,789 | ---- | M] () -- C:\Users\alex\Desktop\XnView.lnk
[2013-03-12 11:37:01 | 000,018,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-12 11:37:01 | 000,018,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-12 11:34:09 | 001,863,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-12 11:34:09 | 000,808,858 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-03-12 11:34:09 | 000,722,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-12 11:34:09 | 000,182,460 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-03-12 11:34:09 | 000,148,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-12 11:29:02 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-12 11:28:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-12 11:28:45 | 3148,419,072 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-12 02:20:11 | 000,060,065 | ---- | M] () -- C:\Users\alex\Desktop\global.css
[2013-03-11 23:07:59 | 000,279,276 | ---- | M] () -- C:\Users\alex\Desktop\279816_525576997493732_255206844_o.jpg
[2013-03-11 19:25:05 | 000,016,755 | ---- | M] () -- C:\Users\alex\Desktop\Wykorzystane multikody.odt
[2013-03-11 15:32:26 | 000,014,930 | ---- | M] () -- C:\Users\alex\Documents\ściąga%20biola.odt_0.odt
[2013-03-11 15:17:12 | 000,000,103 | -H-- | M] () -- C:\Users\alex\Desktop\.~lock.ściąga biola.odt#
[2013-03-11 13:04:47 | 000,017,178 | ---- | M] () -- C:\Users\alex\Desktop\grupa103.odt
[2013-03-09 21:54:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013-03-09 21:54:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013-03-09 21:54:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-03-09 21:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-03-09 21:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-03-09 21:54:31 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-03-06 23:47:19 | 000,780,980 | ---- | M] () -- C:\Users\alex\Desktop\white-paper-seo-en.pdf
[2013-03-02 00:10:33 | 000,016,143 | ---- | M] () -- C:\Users\alex\Desktop\ściąga biola.odt
[2013-03-01 01:28:46 | 000,016,380 | ---- | M] () -- C:\Users\alex\Desktop\grupa101.odt
[2013-02-27 20:22:19 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-02-27 20:22:19 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-02-17 00:04:14 | 000,114,100 | ---- | M] () -- C:\Users\alex\Documents\Video call snapshot 20.png
[2013-02-16 15:27:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013-02-15 00:03:37 | 000,053,907 | ---- | M] () -- C:\Users\alex\Desktop\wtum85.jpg.png

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-03-12 12:35:31 | 000,102,912 | ---- | C] () -- C:\Users\alex\AppData\Roaming\CheckRun22find.exe
[2013-03-12 12:19:03 | 000,001,789 | ---- | C] () -- C:\Users\alex\Desktop\XnView.lnk
[2013-03-11 23:07:58 | 000,279,276 | ---- | C] () -- C:\Users\alex\Desktop\279816_525576997493732_255206844_o.jpg
[2013-03-11 18:39:20 | 000,014,930 | ---- | C] () -- C:\Users\alex\Documents\ściąga%20biola.odt_0.odt
[2013-03-11 15:17:12 | 000,000,103 | -H-- | C] () -- C:\Users\alex\Desktop\.~lock.ściąga biola.odt#
[2013-03-11 01:47:14 | 000,060,065 | ---- | C] () -- C:\Users\alex\Desktop\global.css
[2013-03-06 23:47:19 | 000,780,980 | ---- | C] () -- C:\Users\alex\Desktop\white-paper-seo-en.pdf
[2013-02-21 12:23:50 | 000,017,178 | ---- | C] () -- C:\Users\alex\Desktop\grupa103.odt
[2013-02-21 12:23:05 | 000,016,380 | ---- | C] () -- C:\Users\alex\Desktop\grupa101.odt
[2013-02-17 21:53:57 | 000,016,755 | ---- | C] () -- C:\Users\alex\Desktop\Wykorzystane multikody.odt
[2013-02-16 15:27:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013-02-16 15:27:24 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013-02-15 00:03:35 | 000,053,907 | ---- | C] () -- C:\Users\alex\Desktop\wtum85.jpg.png
[2013-02-10 19:44:39 | 000,016,143 | ---- | C] () -- C:\Users\alex\Desktop\ściąga biola.odt
[2012-10-30 02:13:01 | 000,002,531 | ---- | C] () -- C:\Users\alex\AppData\Local\recently-used.xbel
[2012-06-30 18:19:07 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2012-06-18 17:31:42 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2012-05-29 15:36:53 | 000,007,605 | ---- | C] () -- C:\Users\alex\AppData\Local\Resmon.ResmonCfg
[2012-05-26 17:33:44 | 000,000,600 | ---- | C] () -- C:\Users\alex\AppData\Roaming\winscp.rnd
[2012-05-15 21:22:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\ltserial.dll
[2012-05-12 19:39:15 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-05-12 19:31:30 | 001,839,254 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-19 14:17:23 | 000,000,103 | ---- | C] () -- C:\Windows\pro.INI
[2012-03-28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-03-28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-03-28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-03-28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-03-28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-01-30 18:53:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\encryptpdf.dat
[2012-01-28 22:44:48 | 000,005,632 | ---- | C] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-28 21:52:13 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-10-19 11:53:09 | 000,083,229 | ---- | C] () -- C:\Users\alex\neostrada_990696156611.pdf
[2011-10-19 09:19:00 | 000,001,131 | ---- | C] () -- C:\Users\alex\umk.cer
[2011-10-19 09:18:38 | 000,024,706 | ---- | C] () -- C:\Users\alex\vista.htm
[2011-09-03 21:32:20 | 003,097,252 | ---- | C] () -- C:\Users\alex\GE620_Polish.pdf
[2011-08-11 22:44:20 | 000,000,411 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011-08-11 22:44:20 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2011-07-13 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\.wtw
[2011-09-03 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Ashampoo
[2012-07-18 12:11:54 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Autodesk
[2012-05-15 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\BESTplayer
[2012-06-18 17:31:48 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\CAD-KAS
[2012-11-16 23:15:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\com.adobe.ExMan
[2013-01-26 13:34:18 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DAEMON Tools Lite
[2013-03-12 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Desk 365
[2012-07-06 10:05:30 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Downloaded Installations
[2013-03-12 11:29:40 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Dropbox
[2013-03-12 12:35:22 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\eDownload
[2013-03-10 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\foobar2000
[2012-11-01 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Free Monitor for Google
[2012-06-29 13:58:26 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\GHISLER
[2012-11-01 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\InsERT GT
[2012-03-12 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ipla
[2013-03-12 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\IrfanView
[2012-08-11 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\LibreOffice
[2012-08-18 17:59:14 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\MAGIX
[2012-06-18 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Nitro PDF
[2012-02-17 23:04:19 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Notepad++
[2011-07-13 16:38:15 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\OpenOffice.org
[2012-07-30 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Opera
[2012-08-18 23:06:31 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Publish Providers
[2012-04-28 10:31:42 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Samsung
[2012-10-24 23:39:56 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ScrapeBox Link Checker Free Edition
[2012-08-18 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Software Informer
[2012-08-19 12:07:06 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Sony
[2013-03-02 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\TeamViewer
[2012-09-02 21:40:28 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Temp
[2012-05-12 14:32:22 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Thunderbird
[2012-10-04 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\uTorrent
[2013-03-12 13:42:33 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\XnView

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Code:
OTL Extras logfile created on: 2013-03-12 14:32:40 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = J:\Pobierane
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,91 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 58,54% Memory free
7,82 Gb Paging File | 5,93 Gb Available in Paging File | 75,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,57 Gb Total Space | 5,61 Gb Free Space | 9,58% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 24,64 Gb Free Space | 49,27% Space Free | Partition Type: NTFS
Drive F: | 696,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 8,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 100,00 Gb Total Space | 80,16 Gb Free Space | 80,16% Space Free | Partition Type: NTFS
Drive K: | 100,00 Gb Total Space | 80,82 Gb Free Space | 80,82% Space Free | Partition Type: NTFS
Drive L: | 157,19 Gb Total Space | 123,60 Gb Free Space | 78,63% Space Free | Partition Type: NTFS

Computer Name: ALEX-KOMPUTER | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files (x86)\After Effects\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files (x86)\After Effects\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{735DA0B4-7095-4F01-98E3-AFF2710EB475}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5F1A60-D02F-497A-95E6-FE5B0215A806}" = dir=in | app=c:\users\alex\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{14460FE0-418D-4C24-AEEE-A114B1E6C68D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1D4C6670-78CF-4458-8304-14F784373C6D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1EDC15B3-3B1D-4A77-A7A3-30C34D1C6C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1F4F3DFA-ED40-48BC-A1E0-D88D9505B72F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{497B26D6-E7C0-4AA8-9E5F-E36519A8A0CE}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{54C51B0D-7E9D-42FC-8A17-F3AE8A633DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B3F59E9-CFE6-46AE-B927-FC089B8E62D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{62930973-4CE8-40DF-9658-91F1E9F63E2E}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{74512627-8F4A-4807-9A25-685AF437880E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7F8705A7-C394-4AC7-9E99-FB7E8413E7F6}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{84859118-8DFB-45B7-A6E0-5F54341B71CE}" = protocol=6 | dir=in | app=c:\program files\k2t\wtw\wtw.exe |
"{848B76BD-E9F0-45E1-BEEC-B6273A507F64}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86D51A14-8786-46F3-93F4-F5A9CF931A49}" = protocol=17 | dir=in | app=c:\program files\k2t\wtw\wtw.exe |
"{A4F17F7B-90C5-4476-A745-CE5BF7D7C226}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{C1161CD5-14B6-44E3-A42A-885DA3ACAD99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C6753764-8A8D-4332-A279-4BE69C71F049}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC624FA7-D850-44F9-BAAC-51747BA546B4}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{DECF1D6C-4B4A-4FD7-BEC9-EE308563E230}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E143CAE6-7D05-47CF-BF63-ABB29F0BED60}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{EA90CF80-3BDB-4B4F-991A-CC74F1B5987B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F2EEBAAF-812C-4658-936D-0D5D5916779A}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{F6A1F420-32AF-43F7-8912-B448782C8314}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FD73F327-2DA6-4CAD-B32C-8DF801503DCA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{FD8F7BA0-48F5-49A1-9144-1588895F21E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE5ABB99-5DA3-49F5-A248-2F05A2DE4E15}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{05937EE1-C4FA-4CA5-B1FE-4462B8ACB8F1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2DDF905A-0C9D-42D3-8AB6-3F874EF14585}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"TCP Query User{360D938E-D757-4709-BAEB-8B639EC71F2E}E:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=e:\totalcmd\totalcmd.exe |
"TCP Query User{72BF44FF-D425-4260-BED9-2A9D2894E031}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{9BB64DF7-2756-41F9-A24F-0ECAEDBDFC0F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{9EE60719-6250-4F8B-A116-549BD0A1952D}C:\program files (x86)\shoutcast\sc_serv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shoutcast\sc_serv.exe |
"TCP Query User{B08ADD57-7F52-40ED-B67F-698036D37F2B}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D1965123-0A85-4FE2-B1E9-894DA9DCB2F0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{E6691124-BF44-4144-909F-529AA86E3538}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{04E62CD3-2E49-4B59-9FF2-47A43B161545}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{39C97729-304D-4E78-AC01-593799DFCABF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{565E42BC-2B5C-417C-B6D8-7186F753DF87}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{64AE82FA-8A19-419D-B82D-BAAFBAF91D2F}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"UDP Query User{A019A4EE-9C31-47DE-8599-8C0007AA08B5}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A198BB79-A3A6-4FCC-B174-4306FFC481C6}C:\program files (x86)\shoutcast\sc_serv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shoutcast\sc_serv.exe |
"UDP Query User{B9F165E7-4B78-44E0-9CE6-EEE570E04AD2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{BD3183D4-E947-45FD-8FC3-95F528F4D0C8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{DFF76ED4-0757-442B-95C3-B7AA70BC5ACA}E:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=e:\totalcmd\totalcmd.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW 0.9.10.3377
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2078180F-0C60-11E0-8A9C-0013D3D69929}" = MSVCRT Redists
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8909B8A7-CEAB-4772-BF29-1892C4E6603B}" = Microsoft SQL Server 2005 Backward compatibility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 268.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 268.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897)
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"M-WIN-L 8.0.1 2063990_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ED627E-F3DC-455E-ACA6-E6B6D917DFC1}" = S-Bar
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A1382E3-6228-4A6F-BD04-3FF209C9D27B}" = s2s
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}" = EasyFace2
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFD5A54E-E9A1-413D-8AA2-C9EDB6782400}" = LibreOffice 3.6
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C108E9EA-BCE2-41E6-ADD6-F6366C699722}" = InsERT GT 1.30
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7452A01-9BF9-4FFD-8B2E-650F713AE099}" = Origin8
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB02D568-6CAA-4E56-B60F-4EF908F9B260}_is1" = Testy na prawo jazdy 2012
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CheckRun22find_uninstaller" = CheckRun22find_uninstaller
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desk 365" = Desk 365
"Drumaxx" = Drumaxx
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"foobar2000" = foobar2000 v1.1.7
"Foxit PDF Editor" = Foxit PDF Editor
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Google Chrome" = Google Chrome
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"INTERsoft IntelliCAD Standard Edition v.3.3" = INTERsoft IntelliCAD Standard Edition v.3.3
"ipla" = ipla 2.3.5
"LastFM_is1" = Last.fm Scrobbler 2.1.30
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 19.0.2 (x86 pl)" = Mozilla Firefox 19.0.2 (x86 pl)
"Mozilla Thunderbird 12.0.1 (x86 pl)" = Mozilla Thunderbird 12.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Omnius for SE" = Omnius for SE v0.33
"Opera 12.00.1467" = Opera 12.00
"Picasa 3" = Picasa 3
"PLAY Web partner" = PLAY Web partner
"PoiZone" = PoiZone
"qt7lite_is1" = QT Lite 2.8.0
"Sakura" = Sakura
"Sawer" = Sawer
"SCDNAS" = SHOUTcast DNAS (remove only)
"SciDAVis" = SciDAVis 0.2.4
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SimCity 4 [PL]" = SimCity 4 [PL]
"Software Informer_is1" = Software Informer 1.1
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"Ultimate Unlocker" = D-Ultimate Unlocker
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"winscp3_is1" = WinSCP 4.2.1 beta
"XnView_is1" = XnView 1.99.6

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CodeBlocks" = CodeBlocks
"Dropbox" = Dropbox
"pdfsam" = pdfsam
"Whoislive" = Whoislive

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-03-12 06:37:57 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 07:21:00 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 07:27:26 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 07:35:31 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 07:36:09 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 07:36:11 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 07:37:40 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 08:02:28 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 08:21:00 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2013-03-12 09:21:00 | Computer Name = alex-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\conhost.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

[ Media Center Events ]
Error - 2012-10-12 11:43:39 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 17:43:39 - Błąd podczas nawiązywania połączenia z Internetem.  17:43:39
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-12 11:43:49 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 17:43:44 - Błąd podczas nawiązywania połączenia z Internetem.  17:43:44
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-12 13:24:04 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 19:24:04 - Błąd podczas nawiązywania połączenia z Internetem.  19:24:04
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-12 13:24:11 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 19:24:09 - Błąd podczas nawiązywania połączenia z Internetem.  19:24:09
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-12 15:57:39 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 21:57:39 - Błąd podczas nawiązywania połączenia z Internetem.  21:57:39
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-12 15:57:46 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 21:57:44 - Błąd podczas nawiązywania połączenia z Internetem.  21:57:44
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-13 01:46:32 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 07:46:32 - Błąd podczas nawiązywania połączenia z Internetem.  07:46:32
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-13 01:46:39 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 07:46:37 - Błąd podczas nawiązywania połączenia z Internetem.  07:46:37
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-13 04:23:26 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 10:23:26 - Błąd podczas nawiązywania połączenia z Internetem.  10:23:26
-     Nie można skontaktować się z serwerem.. 

Error - 2012-10-13 04:23:38 | Computer Name = alex-Komputer | Source = MCUpdate | ID = 0
Description = 10:23:31 - Błąd podczas nawiązywania połączenia z Internetem.  10:23:31
-     Nie można skontaktować się z serwerem.. 

[ System Events ]
Error - 2013-03-05 10:36:10 | Computer Name = alex-Komputer | Source = DCOM | ID = 10010
Description =

Error - 2013-03-07 05:26:28 | Computer Name = alex-Komputer | Source = Service Control Manager | ID = 7030
Description = Usługa HWDeviceService64.exe jest oznaczona jako usługa interakcyjna.
System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne,
dlatego ta usługa może nie działać właściwie.

Error - 2013-03-07 05:27:40 | Computer Name = alex-Komputer | Source = Tcpip | ID = 4199
Description = System wykrył konflikt adresów między adresem IP 192.168.1.100 a komputerem
o sieciowym  adresie sprzętowym 20-13-E0-BF-46-29. W rezultacie mogą być zakłócone
operacje sieciowe na  tym komputerze.

Error - 2013-03-07 07:24:58 | Computer Name = alex-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2013-03-07 18:46:28 | Computer Name = alex-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2013-03-08 09:22:48 | Computer Name = alex-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2013-03-09 18:23:26 | Computer Name = alex-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2013-03-10 14:02:27 | Computer Name = alex-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2013-03-11 07:19:22 | Computer Name = alex-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2013-03-11 11:43:03 | Computer Name = alex-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 15:42:09 na ?2013-?03-?11 było
nieoczekiwane.


< End of report >


and GMER:

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-12 14:50:30
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEKT-22KA9T0 rev.01.01A01 465,76GB
Running: 5qbdthtu.exe; Driver: C:\Users\alex\AppData\Local\Temp\aftcqaod.sys


---- Kernel code sections - GMER 2.1 ----

PAGE    C:\Windows\system32\DRIVERS\ataport.SYS!DllUnload                                                                                                                      fffff88000eb04a0 12 bytes {MOV RAX, 0xfffffa80039932a0; JMP RAX}
.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                                                      fffff88004066ca8 12 bytes {MOV RAX, 0xfffffa80050402a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000076b51465 2 bytes [B5, 76]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                       0000000076b51465 2 bytes [B5, 76]
.text   C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                      0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                    0000000076b51465 2 bytes [B5, 76]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                   0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000076b51465 2 bytes [B5, 76]
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[2712] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                    0000000076b51465 2 bytes [B5, 76]
.text   C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[2712] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                   0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2824] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294  000000006ab32c36 4 bytes [24, D9, B9, 68]
.text   C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2824] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435  000000006ab37e43 4 bytes [74, 4C, 09, 66]
.text   C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2824] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70                  000000006ab75de6 4 bytes [20, EF, B9, 68]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3032] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                     0000000076b51465 2 bytes [B5, 76]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3032] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                    0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   J:\Pobierane\OTL.exe[164] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                                                                      0000000076b51465 2 bytes [B5, 76]
.text   J:\Pobierane\OTL.exe[164] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                                                                     0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076b51465 2 bytes [B5, 76]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                   0000000077b5f941 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                                  0000000077b5f94b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                                                0000000077b5f9bd 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                                               0000000077b5f9c7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                                              0000000077b5fad5 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                                             0000000077b5fadf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                        0000000077b5fb85 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                                       0000000077b5fb8f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                            0000000077b5fbb5 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                                           0000000077b5fbbf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                     0000000077b5fbcd 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                                    0000000077b5fbd7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                       0000000077b5fbe5 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                                      0000000077b5fbef 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                     0000000077b5fc15 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                                    0000000077b5fc1f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                      0000000077b5fc95 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                                     0000000077b5fc9f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                     0000000077b5fcad 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                                    0000000077b5fcb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                               0000000077b5fcf9 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                              0000000077b5fd03 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                                            0000000077b5fd5d 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                                           0000000077b5fd67 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                    0000000077b5fdf1 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                                   0000000077b5fdfb 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                                          0000000077b5ff39 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15                                         0000000077b5ff43 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                             0000000077b60049 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                                            0000000077b60053 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                                           0000000077b60731 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                                          0000000077b6073b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                                              0000000077b60fad 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                                             0000000077b60fb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                                             0000000077b6100d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                                            0000000077b61017 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                       0000000077b61055 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                                      0000000077b6105f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                             0000000077b610cd 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                                            0000000077b610d7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                0000000077b612d1 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                               0000000077b612db 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                            00000000769b102d 5 bytes JMP 0000000100010030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                            00000000769b1062 5 bytes JMP 0000000100010070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                                            0000000076b10793 5 bytes JMP 0000000100020030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                                              0000000076b107c3 5 bytes JMP 0000000100020070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                                                00000000758c4df0 5 bytes JMP 00000001001203b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SelectObject                                                 00000000758c4eb0 5 bytes JMP 00000001001205f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetBkMode                                                    00000000758c50eb 5 bytes JMP 00000001001208f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetTextColor                                                 00000000758c5176 5 bytes JMP 0000000100120a30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!DeleteObject                                                 00000000758c5689 5 bytes JMP 00000001001201b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                     00000000758c5876 5 bytes JMP 0000000100120170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                                             00000000758c6abf 5 bytes JMP 0000000100120370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SaveDC                                                       00000000758c6e3b 5 bytes JMP 0000000100120570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!RestoreDC                                                    00000000758c6ee3 5 bytes JMP 0000000100120530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                                            00000000758c6fb9 5 bytes JMP 00000001001206b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!StretchDIBits                                                00000000758c726e 5 bytes JMP 0000000100120770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                                            00000000758c7a94 5 bytes JMP 00000001001203f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetTextAlign                                                 00000000758c7ca5 5 bytes JMP 0000000100120d70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                                              00000000758c7e47 5 bytes JMP 0000000100120e30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetTextAlign                                                 00000000758c8080 5 bytes JMP 00000001001209f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                                                  00000000758c834a 5 bytes JMP 0000000100120970
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!MoveToEx                                                     00000000758c86b6 5 bytes JMP 0000000100120470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                                             00000000758c89e9 5 bytes JMP 00000001001202f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                                                00000000758c8c0d 5 bytes JMP 00000001001205b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                    00000000758c95f4 5 bytes JMP 00000001001200b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetClipBox                                                   00000000758c988e 5 bytes JMP 0000000100120330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                                                 00000000758cac0a 5 bytes JMP 0000000100120d30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetFontData                                                  00000000758caf37 5 bytes JMP 0000000100120c70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!Rectangle                                                    00000000758cb7c5 5 bytes JMP 00000001001209b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!LineTo                                                       00000000758cbba5 5 bytes JMP 0000000100120430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetICMMode                                                   00000000758cbf60 5 bytes JMP 0000000100120db0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!CreateICW                                                    00000000758cc208 5 bytes JMP 0000000100120130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W                                        00000000758cc4db 5 bytes JMP 0000000100120670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                                            00000000758cc6f6 5 bytes JMP 00000001001206f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                                              00000000758ccfb9 5 bytes JMP 0000000100120df0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A                                        00000000758cd0d5 5 bytes JMP 0000000100120630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                                                  00000000758cd8bf 5 bytes JMP 0000000100120930
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                    00000000758ce45d 5 bytes JMP 00000001001200f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!ExtEscape                                                    00000000758cfd24 5 bytes JMP 00000001001202b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!Escape                                                       00000000758d13bd 5 bytes JMP 0000000100120270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                                                 00000000758d18d0 5 bytes JMP 0000000100120cf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                                              00000000758d4bd0 5 bytes JMP 0000000100120b30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                                                00000000758d4d07 5 bytes JMP 0000000100120b70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!EndPage                                                      00000000758d6665 5 bytes JMP 0000000100120230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!ResetDCW                                                     00000000758de135 5 bytes JMP 0000000100120ab0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                                             00000000758e93cd 5 bytes JMP 0000000100120cb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW                                  00000000758ec5d9 5 bytes JMP 0000000100120bb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                                             00000000758ed26a 5 bytes JMP 0000000100120bf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                                          00000000758ed8d1 5 bytes JMP 0000000100120c30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!AbortDoc                                                     00000000758f3acc 5 bytes JMP 0000000100120030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!EndDoc                                                       00000000758f3f19 5 bytes JMP 00000001001201f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!StartPage                                                    00000000758f400a 5 bytes JMP 0000000100120730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!StartDocW                                                    00000000758f4c41 5 bytes JMP 00000001001207f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!BeginPath                                                    00000000758f53ed 5 bytes JMP 0000000100120830
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!SelectClipPath                                               00000000758f5444 5 bytes JMP 0000000100120af0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!CloseFigure                                                  00000000758f549f 5 bytes JMP 0000000100120070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!EndPath                                                      00000000758f54f6 5 bytes JMP 0000000100120a70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!StrokePath                                                   00000000758f572f 5 bytes JMP 00000001001207b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!FillPath                                                     00000000758f57c2 5 bytes JMP 0000000100120870
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!PolylineTo                                                   00000000758f5c34 5 bytes JMP 00000001001204f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                                                 00000000758f5cc5 5 bytes JMP 00000001001204b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\GDI32.dll!PolyDraw                                                     00000000758f5d77 5 bytes JMP 00000001001208b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!MapWindowPoints                                             000000007685819d 5 bytes JMP 0000000100130570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW                                    000000007685c55d 5 bytes JMP 00000001001302b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA                                    00000000768605ff 5 bytes JMP 00000001001302f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClientRect                                               00000000768608e5 7 bytes JMP 00000001001305b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetParent                                                   0000000076860b0e 7 bytes JMP 00000001001306f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!IsWindowVisible                                             0000000076860cd5 7 bytes JMP 00000001001306b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!PostMessageW                                                0000000076860f14 5 bytes JMP 00000001001305f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                                           00000000768627db 7 bytes JMP 0000000100130630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!ScreenToClient                                              000000007686361b 7 bytes JMP 0000000100130670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!SetCursor                                                   0000000076864076 5 bytes JMP 0000000100130530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetTopWindow                                                0000000076867a54 7 bytes JMP 0000000100130730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable                                  00000000768687c9 5 bytes JMP 00000001001300f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber                                  00000000768687e9 5 bytes JMP 0000000100130330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!CloseClipboard                                              00000000768691f4 5 bytes JMP 00000001001300b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!OpenClipboard                                               0000000076869232 5 bytes JMP 0000000100130070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout                                      0000000076869485 5 bytes JMP 00000001001304f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats                                        000000007686b779 5 bytes JMP 00000001001301b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow                                      000000007686b798 5 bytes JMP 00000001001303f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!CountClipboardFormats                                       000000007686b7b6 5 bytes JMP 00000001001301f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                          000000007686b7e6 5 bytes JMP 00000001001304b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                                           000000007686cee9 5 bytes JMP 0000000100130370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW                                     0000000076870880 3 bytes JMP 0000000100130230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW + 4                                 0000000076870884 1 byte [89]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain                                        000000007687ec67 5 bytes JMP 0000000100130430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA                                     000000007687f66f 3 bytes JMP 0000000100130270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA + 4                                 000000007687f673 1 byte [89]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!SetClipboardData                                            0000000076898de7 5 bytes JMP 0000000100130170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                0000000076899c8d 5 bytes JMP 0000000100130770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardData                                            0000000076899f3b 5 bytes JMP 0000000100130030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!EmptyClipboard                                              00000000768b7e49 5 bytes JMP 0000000100130130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                                          00000000768b82a1 5 bytes JMP 0000000100130470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat                                  00000000768b84bf 5 bytes JMP 00000001001303b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                                          00000000756c9556 5 bytes JMP 00000001001400f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle                                      00000000756d04d3 5 bytes JMP 0000000100140130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext                                      00000000756d0b0b 5 bytes JMP 0000000100140270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                                          00000000756d0b80 5 bytes JMP 00000001001401b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA                                    00000000756d0e80 5 bytes JMP 0000000100140070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA                                00000000756d0fe8 5 bytes JMP 00000001001400b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                                             00000000756d11a0 5 bytes JMP 00000001001401f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                                             00000000756d11ef 5 bytes JMP 0000000100140230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA                                  00000000756d1479 5 bytes JMP 0000000100140030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA                                 00000000756d14e2 5 bytes JMP 0000000100140170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\ole32.dll!OleSetClipboard                                              0000000076ebf2fe 5 bytes JMP 0000000100210030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard                                        0000000076ec2489 5 bytes JMP 0000000100210070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\ole32.dll!OleGetClipboard                                              0000000076eef825 5 bytes JMP 00000001002100b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076b51465 2 bytes [B5, 76]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   0000000076b514bb 2 bytes [B5, 76]
.text   ...                                                                                                                                                                    * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                         [fffff88001036f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                                [fffff88001036cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                               [fffff8800103769c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                                               [fffff88001037a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                        [fffff880010378f4] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                                                                                 [fffffa8005040840]  [unknown section]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                                            fffffa800399d2c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                                                                     fffffa800399d2c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                                                                     fffffa800399d2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                                                                            fffffa800399d2c0
Device  \Driver\aktfdjpr \Device\Scsi\aktfdjpr1                                                                                                                                fffffa8004eb32c0
Device  \Driver\aktfdjpr \Device\Scsi\aktfdjpr1Port2Path0Target0Lun0                                                                                                           fffffa8004eb32c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                                                 fffffa80039a52c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{3B4002A4-6818-4AB8-B1C2-9FA4C614123A}                                                                                               fffffa8004c762c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                                                                       fffffa8004e772c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                                                           fffffa8004bef2c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                                                           fffffa8004bef2c0
Device  \Driver\cdrom \Device\CdRom2                                                                                                                                           fffffa8004bef2c0
Device  \Driver\USBSTOR \Device\000000ba                                                                                                                                       fffffa800524c2c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                                                                       fffffa8004e772c0
Device  \Driver\USBSTOR \Device\000000bb                                                                                                                                       fffffa800524c2c0
Device  \Driver\USBSTOR \Device\000000b9                                                                                                                                       fffffa800524c2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{319CA74E-6365-4081-A47F-DC6EC24D35FB}                                                                                               fffffa8004c762c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{EC652FC8-E38F-4AA5-9EAA-C7A4C18A32FF}                                                                                               fffffa8004c762c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                                                                       fffffa8004e772c0
Device  \Driver\USBSTOR \Device\000000bc                                                                                                                                       fffffa800524c2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{62887F83-B3E4-4857-B11E-2B113B320294}                                                                                               fffffa8004c762c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                fffffa8004c762c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                                                                        fffffa800399d2c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                                                                        fffffa800399d2c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                                                                       fffffa8004e772c0
Device  \Driver\aktfdjpr \Device\ScsiPort2                                                                                                                                     fffffa8004eb32c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800399d2c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys                                       fffffa800399d2c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b12060]                                                                                                        fffffa8004b12060
Trace   3 CLASSPNP.SYS[fffff880013a743f] -> nt!IofCallDriver -> [0xfffffa80047dc120]                                                                                           fffffa80047dc120
Trace   5 ACPI.sys[fffff88001185781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047e8060]                                                                  fffffa80047e8060
Trace   \Driver\atapi[0xfffffa80047ba060] -> IRP_MJ_CREATE -> 0xfffffa800399d2c0                                                                                               fffffa800399d2c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\aktfdjpr.SYS                                                                                                                              fffff8800413d000-fffff8800418e000 (331776 bytes)

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2976]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2984]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2988]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2992]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3008]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2972]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2476]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2488]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2300]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2720]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:2028]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3076]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3080]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3556]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3560]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3564]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3572]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3576]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3580]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3584]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3588]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3592]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3720]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3724]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3732]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3756]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3760]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3768]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3776]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:3780]                                                                          000000006ab33810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2620:4696]                                                                          000000006ab33810

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dddc6d3                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dddc6d3@c0cb38e1bd00                                                                               0x1E 0xF5 0x82 0xD0 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dddc6d3@0024834f37c6                                                                               0x47 0xB2 0x43 0x08 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dddc6d3@2013e0bf4628                                                                               0xF2 0xA2 0xA7 0x5C ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dddc6d3@0015a07bb9e1                                                                               0x99 0x2C 0xAE 0x5B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                                                                       ???e????? ???????e???????????`????????$???????????????stio??? ???????e???????????????????????????????f??? ???????e?????d???????0??L????????? ???????????? ???????e?????d???????0????????????&???????????????????? ??? ???????e?????e???????0????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000??????$???e??? ??????????????????? ??{4d36e97d-e325-11ce-bfc1-08002be10318}??????{00000000-0000-0000-ffff-ffffffffffff}??????{00000000-0000-0000-ffff-ffffffffffff}???????????????8??????? ???????0?????f-f???????j???????,???????????????????????????????/??????????ROOT\mssmbios????3???????????i?????st????????????????3??*teredo?????????t????????????????????????????f?f?????e??????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000?????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000?????????$???4????? ??????? ????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                                                                      ????????6-21-2006????????????????????????????????????????????h??@usb.inf,%generic.mfg%;(Standardowy kontroler hosta USB)?????????????c?gp6??????????????????{36fc9e60-c465-11cf-8056-444553540000}??????{4d36e967-e325-11ce-bfc1-08002be10318}\0002?????Sterownik woluminu systemu plik?w WPD???{1cc3eda0-ee3f-536d-8807-4f8dcad6a424}???????????????????e???????e??{36fc9e60-c465-11cf-8056-444553540000}???????????????n????????2???????????????>?????????????????????????????usbstor.inf?????????et??? ???~????????????????????????$??????t??ow????????????2???????????h??????????k???????????w??ct??????1c??@oem7.inf,%company%;Brother?ct??ct?????.?????????????????????????h????X??????h???h???????????I??????{36fc9e60-c465-11cf-8056-444553540000}\0013??????????????????????????????????????????????????????????????????????????????????????????5???e????X??????v??????????????????????8&30cc2393&0?6?????????????????????????s????????????? ???????????????????e?0????????????????????? ?????????????????????0????????????????????? ?????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                                                     ???j????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|??????????j???????????????????????x???????????????????????j??? ??????????????3A???????j???;?????????P?;??Net??????????????????????j???;???????????????????j??????????????????%SystemRoot%\System32\drivers\etc?????????????????????V??????????????d??????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|????/???x???;?????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                                                                                  ???g????????????????????????????????????S????g?g?e?????????????f????? ???????f?????f?????f????(???*?????????????????????????d????????????????9????X??????????????f?f?????????????????????????:???f?e?f?f?f???f?f?????????i??????s???? ???????f?????f???????,??4????????????????????????????f????? ???????f?????????????,?????????????????????y?????f????? ???????f???????????d????????"??????????????????f ??a????????r}????????????????????????????????`???`???????????d???d???????????????????c3??? P??f??????????????????????????`?????????d??????????????????????????f???:??????????? ???????f?????f???????0??L????????? ???????? ?????f???f???f????????? ???????f?????f???????0????????????&???????????????????????? ???????f?????f???????0????????????????????? ???????f???????????f?0?????????????????????????f???????:??keyboard.inf:MS_KBD.NTamd64:STANDARD_Inst:6.1.7600.16385:*pnp0303??????????????????????????????f????? ???????f?????f???????0?????????????????????f?f????????? ???????f???????????f?0?????????????????????????f???????????f?f?f?
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                                                                                 ?????????????????????????B???????????????/?h?h?h?k???k???????????????????????????9????????????????????????????????????)?????????????????HID\VID_046D&PID_C52F&MI_01&Col03\8&3307166c&0&0002?????????????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}\0035?00??\\?\HID#VID_046D&PID_C52F&MI_00#8&31ec17c4&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}?7??HID\VID_046D&PID_C52F&MI_01&Col02\8&3307166c&0&0001?????\\?\USB#VID_0BDA&PID_0139#20100201396000000#{53440e77-835c-4768-bd70-e6e87ac8ae69}?&Pi??\\?\Root#*6TO4MP#0009#{cac88484-7515-4c03-82e6-71a87abac361}????\\?\Root#*6TO4MP#0024#{cac88484-7515-4c03-82e6-71a87abac361}?3???????????????????D???????$???????4???????????????????t????z??????????????????????-??????? ???????k???????k???????????5??is??\Windows?\RPC Control???????6-21-2006???????????????????????????????????????RPCSS??o????????\\?\Root#*6TO4MP#0011#{cac88484-7515-4c03-82e6-71a87abac361}?p????H????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                                                ???i??????????????????????X??????????????????????????j???|?|?????????i??????? L??i????????????????????????????????R??????????????????????????????f??????????????ie???????????6??.7??????S???????????????t???????????????????????1???? ???i??????????d??????????|???????????????????s????????????????t????????????????????????????q???????????m??????????%systemroot%\system32\wbem\wmiaprpl.dll??????????????????i???i?i?i?i?i?i?|???????????????~??? ???????}???????????i?,?????????? ?&????????????????????????????????????????????????????????????i?i????????S????}?}?}??l????????????i???{?|????????????????????????????????????????????????????????s?????????P??i?????????e????@%SystemRoot%\System32\wlansvc.dll,-257??????????????????????????i?|?|???????i??????p???TDI??????????i????????h?????%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted???Microsoft???????????????t??????? ???????????LocalSystem??+????P??i?????????n????@%SystemRoot%\System32\wlansvc.dll,-258???????F??i???????????e??nativewifip?RpcSs?Ndisuio?Eaphost??
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                    0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                    0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                 0xE5 0x3E 0xB2 0x59 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                    J:\Programy\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                           0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                        0x35 0x3A 0xC3 0x04 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                   0x9D 0x13 0x20 0x7D ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dddc6d3 (not active ControlSet)                                                                       
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dddc6d3@c0cb38e1bd00                                                                                   0x1E 0xF5 0x82 0xD0 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dddc6d3@0024834f37c6                                                                                   0x47 0xB2 0x43 0x08 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dddc6d3@2013e0bf4628                                                                                   0xF2 0xA2 0xA7 0x5C ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dddc6d3@0015a07bb9e1                                                                                   0x99 0x2C 0xAE 0x5B ...
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                                                                           ???/????Base?$??Root\MS_NDISWANIP\0000???????????U??????????????????p????.???????.??????????????????? ???????2.????????????,??L?????????????????????? ???????7???????????7?,????????????&???????????????????????? ???????7?????7???????0????????????????????? ???????7???????????7?0????????j???????????Kontroler zgodny ze standardem High Definition Audio? ??@hdaudbus.inf,%hdaudio.devicedesc%;Kontroler zgodny ze standardem High Definition Audio?????@system32\DRIVERS\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,27,0)?;(0,27,0)??????? ???????.???????????.?0????????X??????????????7?????7???7??? ???????7???????????7?0???????????????????????0?&?8?&?9?&??????? ???????7???????????7?0?????????????????????????7???}??00???????7???7??????????????st?????7?????7?7?7??? ???7??????????????? ???????7?????7???????0????????????????????? ???????7???????????7?0???????????????????????7????????????? ???????????7???????-???????????7?7????? ???7??????????????6.1.7600.16385???7?????7?????7?7?7???7??? ???????7?????7???????0???????????
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                        0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                        0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                     0xE5 0x3E 0xB2 0x59 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                        J:\Programy\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                               0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                            0x35 0x3A 0xC3 0x04 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                     
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                       0x9D 0x13 0x20 0x7D ...

---- EOF - GMER 2.1 ----


I bless you from the heart!

Post by wojtas, 12 Mar 2013, 17:38

Uninstall:
Ask Toolbar
CheckRun22find_uninstaller
Ask Toolbar Updater
Pandora Service
and, if you don't recognize it, also:
"Desk 365" = Desk 365

Run OTL and, in the "custom scan options / script" section, paste:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.22find.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088171
IE - HKCU\..\SearchScopes\{C684C3E1-F65D-4812-B21E-0B0399A20085}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=3B10071F-C6C5-4BD9-8E62-B966677D959C&apn_sauid=354EBFFF-CE6D-43E0-ADBD-FC13BE370156
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "22find"
FF - prefs.js..browser.search.order.1: "22find"
[2013-02-26 17:33:06 | 000,002,308 | ---- | M] () -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\searchplugins\askcom.xml
[2013-03-12 12:36:11 | 000,000,758 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\22find.xml
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CheckRun22find_uninstaller] C:\Users\alex\AppData\Roaming\CheckRun22find.exe ()
[2013-02-26 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013-03-12 12:35:31 | 000,102,912 | ---- | C] () -- C:\Users\alex\AppData\Roaming\CheckRun22find.exe

:Commands
[emptytemp]


Click "execute script" and confirm the computer restart.

Use AdwCleaner and click Delete in it (on Vista/Windows 7, right-click and run it as Administrator).
Post its report.

Then run OTL with the Scan option. Post the new OTL.txt log and the cleanup report (the contents of the Notepad window that opened after the restart).
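An added example, not part of the thread and not code from OTL: a small triage script that parses the entry shapes quoted in the fix script above and flags the ones tied to the 22find and Ask indicators named there. The function names, the indicator lists and the shortened URLs in the sample are assumptions made for this illustration; URL values are judged by host suffix, so an indicator that only appears in a query string is not flagged.

```python
import re
from urllib.parse import urlsplit

# Assumption: indicators are taken from the fix script quoted in the post
# above, not from any official blocklist.
FLAGGED_DOMAINS = ("22find.com", "ask.com")  # compared against URL hosts
FLAGGED_TOKENS = ("22find", "ask.com")       # compared against names and paths

# Entry shapes seen in the quoted OTL lines, most specific first.
PATTERNS = [
    ("ie-scope", re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<data>.*)$')),
    ("ie-hook", re.compile(r'^IE - (?P<key>.+?): (?P<name>\{[^}]+\}) - (?P<data>.*)$')),
    ("ie-value", re.compile(r'^IE - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$')),
    ("ff-pref", re.compile(r'^FF - (?P<key>prefs\.js)\.\.(?P<name>[\w.]+): (?P<data>.*)$')),
    ("autorun", re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<data>.*)$')),
]

# Constructed sample: lines copied from the post with query strings shortened,
# plus one constructed line (example.org) to exercise the host check.
SAMPLE = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{C684C3E1-F65D-4812-B21E-0B0399A20085}: "URL" = http://websearch.ask.com/redirect?client=ie&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "22find"
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CheckRun22find_uninstaller] C:\Users\alex\AppData\Roaming\CheckRun22find.exe ()
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://example.org/redirect?to=www.22find.com
[2013-03-12 12:35:31 | 000,102,912 | ---- | C] () -- C:\Users\alex\AppData\Roaming\CheckRun22find.exe
"""


def has_token(text):
    """Case-insensitive substring match for names and file paths."""
    lowered = text.lower()
    return any(token in lowered for token in FLAGGED_TOKENS)


def is_flagged(data):
    """URLs are matched on host (exact or subdomain); anything else on tokens."""
    value = data.strip().strip('"')
    if re.match(r"^https?://", value, re.IGNORECASE):
        host = (urlsplit(value).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in FLAGGED_DOMAINS)
    return has_token(value)


def triage(text):
    """Return (entries, unparsed) for a block of OTL-style lines."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                entries.append({
                    "kind": kind,
                    "key": match["key"],
                    "name": match["name"],
                    "data": match["data"],
                    "flagged": is_flagged(match["data"]) or has_token(match["name"]),
                })
                break
        else:
            # Shapes this script does not model (for example file listings)
            # are kept for manual review instead of being dropped silently.
            unparsed.append(line)
    return entries, unparsed


if __name__ == "__main__":
    parsed, leftover = triage(SAMPLE)
    for entry in parsed:
        mark = "FLAG" if entry["flagged"] else "ok  "
        print(f'{mark} {entry["kind"]:9} {entry["name"] or "(empty)"} -> {entry["data"]}')
    print(f"{len(leftover)} line(s) left for manual review")
```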




Post by AragornXT, 15 Mar 2013, 01:16

AdwCleaner:
Code:
# AdwCleaner v2.114 - Log utworzony 15/03/2013 o 00:05:41
# Aktualizacja 05/03/2013 przez Xplode
# System operacyjny : Windows 7 Professional  (64 bits)
# Użytkownik : alex - ALEX-KOMPUTER
# Tryb uruchomienia : Normalny
# Ścieżka : J:\Pobierane\adwcleaner.exe
# Opcja [Usuń]


***** [Usługi] *****


***** [Pliki / Foldery] *****

Folder Usunięto : C:\Program Files (x86)\Desk 365
Folder Usunięto : C:\ProgramData\Ask
Folder Usunięto : C:\Users\alex\AppData\Roaming\Desk 365
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Plik Désinfected : C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Plik Désinfected : C:\Users\alex\Desktop\Google Chrome.lnk
Plik Désinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Plik Désinfected : C:\Users\Public\Desktop\Opera.lnk

***** [Rejestr] *****

Klucz Usunięto : HKCU\Software\APN PIP
Klucz Usunięto : HKCU\Software\PIP
Klucz Usunięto : HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz Usunięto : HKLM\Software\PIP

***** [Przeglądarki Internetowe] *****

-\\ Internet Explorer v8.0.7600.16800

Podmieniono : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9T0_WD-WXM1E31AVYP6AVYP6&ts=1363088168 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (pl)

Plik : C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\y61ym9mu.default\prefs.js

[OK] Plik w porządku.

Plik : C:\Users\Gość\AppData\Roaming\Mozilla\Firefox\Profiles\40nc3xw3.default\prefs.js

[OK] Plik w porządku.

-\\ Google Chrome v25.0.1364.152

Plik : C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

Usunięto [l.31] : keyword = "22find.com",
Usunięto [l.34] : search_url = "hxxp://search.22find.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD50[...]
Usunięto [l.1740] : homepage = "hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=WDCXWD5000BEKT-22KA9[...]
Usunięto [l.2086] : urls_to_restore_on_startup = [ "hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&u[...]

Plik : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Plik w porządku.

-\\ Opera v12.0.1467.0

Plik : C:\Users\alex\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Plik w porządku.

Plik : C:\Users\Gość\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Plik w porządku.

*************************

AdwCleaner[S1].txt - [6283 octets] - [28/06/2012 17:24:45]
AdwCleaner[S2].txt - [3644 octets] - [15/03/2013 00:05:41]

########## EOF - C:\AdwCleaner[S2].txt - [3704 octets] ##########

OTL report:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C684C3E1-F65D-4812-B21E-0B0399A20085}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C684C3E1-F65D-4812-B21E-0B0399A20085}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "22find" removed from browser.search.defaultenginename
Prefs.js: "22find" removed from browser.search.order.1
C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\22find.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CheckRun22find_uninstaller not found.
File C:\Users\alex\AppData\Roaming\CheckRun22find.exe not found.
Folder C:\Program Files (x86)\Ask.com\ not found.
File C:\Users\alex\AppData\Roaming\CheckRun22find.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: alex
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43259690 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 436011709 bytes
->Google Chrome cache emptied: 44383322 bytes
->Opera cache emptied: 52251619 bytes
->Flash cache emptied: 130942 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gość
->Temp folder emptied: 256713 bytes
->Temporary Internet Files folder emptied: 281308 bytes
->FireFox cache emptied: 10267380 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 1621443 bytes
->Flash cache emptied: 678 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 481031773 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 841886564 bytes

Total Files Cleaned = 1 823,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03142013_130018

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL log:
Code:
OTL logfile created on: 2013-03-15 00:10:29 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = J:\Pobierane
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,91 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,03% Memory free
7,82 Gb Paging File | 6,13 Gb Available in Paging File | 78,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,57 Gb Total Space | 6,37 Gb Free Space | 10,88% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 24,45 Gb Free Space | 48,90% Space Free | Partition Type: NTFS
Drive F: | 696,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 100,00 Gb Total Space | 80,19 Gb Free Space | 80,19% Space Free | Partition Type: NTFS
Drive K: | 100,00 Gb Total Space | 80,84 Gb Free Space | 80,84% Space Free | Partition Type: NTFS
Drive L: | 157,19 Gb Total Space | 124,24 Gb Free Space | 79,04% Space Free | Partition Type: NTFS

Computer Name: ALEX-KOMPUTER | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-03-12 14:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- J:\Pobierane\OTL.exe
PRC - [2013-03-08 12:29:27 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-01-20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012-08-08 23:28:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-05-02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-04-12 04:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012-03-31 03:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011-06-24 12:52:26 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\S-Bar\MSIService.exe
PRC - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-04-08 07:01:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011-02-02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2009-08-27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009-07-24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-03-08 12:29:27 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-09-02 13:46:44 | 017,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3989b4ca6cf904061992daec9e7d5644\PresentationFramework.ni.dll
MOD - [2012-09-02 13:46:15 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bff8af8f1a007d8f99d335b6ef94c1da\PresentationFramework.Classic.ni.dll
MOD - [2012-05-13 12:57:02 | 000,767,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll
MOD - [2012-04-28 10:54:59 | 000,115,137 | ---- | M] () -- C:\Users\alex\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012-03-31 03:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011-09-03 22:26:42 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2011-09-03 22:26:35 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2011-07-17 12:27:35 | 001,159,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
MOD - [2011-07-17 12:24:49 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2011-07-17 10:56:32 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2011-07-17 10:56:23 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2011-07-17 10:56:00 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2011-07-17 10:55:49 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2011-07-17 10:55:36 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2011-07-17 10:55:27 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-05-12 19:38:40 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-03-13 12:21:49 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-08 12:29:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-05-02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-04-12 04:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011-07-13 16:27:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011-06-24 12:52:26 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-08 07:01:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011-02-02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-08-27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009-07-24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-08-07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007-05-31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-07-04 00:11:52 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012-05-02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012-04-27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012-04-24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2012-02-24 10:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:[b]64bit:[/b] - [2012-02-24 10:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012-02-24 10:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2012-02-17 22:24:47 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:[b]64bit:[/b] - [2012-02-17 22:24:19 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2012-02-17 22:24:19 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:02 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:02 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:02 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:[b]64bit:[/b] - [2011-09-09 10:51:00 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:[b]64bit:[/b] - [2011-08-16 16:17:46 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2011-07-13 00:34:18 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:[b]64bit:[/b] - [2011-07-13 00:27:49 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011-07-13 00:27:27 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011-06-10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:[b]64bit:[/b] - [2011-06-02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2011-04-08 07:01:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2011-03-15 17:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2010-12-21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:[b]64bit:[/b] - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010-07-27 08:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2010-04-03 09:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:[b]64bit:[/b] - [2009-10-05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:[b]64bit:[/b] - [2008-05-16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:[b]64bit:[/b] - [2008-05-16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{776D17D3-1DA0-4981-AE90-A01FDEF5D2A3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{776D17D3-1DA0-4981-AE90-A01FDEF5D2A3}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=128"
FF - prefs.js..extensions.enabledAddons: pagerank%40any-tech.ws:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B7C9AE782-DB21-4e40-81FB-AD8A53A6233A%7D:1.83
FF - prefs.js..extensions.enabledAddons: %7Bc2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: J:\Programy\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-08 12:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-03-08 12:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012-05-12 14:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\eran@whoislive.com: C:\Users\alex\AppData\Local\Temp\whoislive.xpi [2013-01-31 03:14:26 | 000,152,662 | ---- | M] ()

[2011-07-13 00:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions
[2013-03-12 16:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\y61ym9mu.default\extensions
[2013-02-18 23:54:04 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\y61ym9mu.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013-03-03 00:00:29 | 000,187,274 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi
[2012-07-30 23:36:34 | 000,022,179 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\pagerank@any-tech.ws.xpi
[2012-10-27 00:08:57 | 000,039,447 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\seotoolbar@seo-sem.com.xpi
[2012-09-24 10:32:43 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012-10-26 23:43:11 | 000,015,459 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi
[2012-09-29 12:00:01 | 000,003,170 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi
[2013-02-14 23:54:06 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-10-26 23:56:25 | 000,005,306 | ---- | M] () -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\y61ym9mu.default\searchplugins\whois-ip-address.xml
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-03-08 12:29:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-03-08 12:29:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-02-20 00:50:33 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-20 00:50:33 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-20 00:50:33 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-20 00:50:33 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-20 00:50:33 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-20 00:50:33 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: 22find (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - homepage:
CHR - Extension: Whoislive = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdkkghemjaackpnodiacedfadojaboh\4.1_0\
CHR - Extension: 22find = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] J:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\PLAY Web partner\PLAY Web partner File not found
O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4002A4-6818-4AB8-B1C2-9FA4C614123A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62887F83-B3E4-4857-B11E-2B113B320294}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93CDC04E-BBDE-4361-93DD-313BC8C1CC95}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-02-12 17:13:38 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012-05-12 19:21:22 | 000,000,000 | ---D | M] - L:\AutoCadx64 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-03-14 21:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2013-03-14 21:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.7
[2013-03-14 21:00:23 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Programs
[2013-03-14 01:52:40 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\ZABAWKAAAA
[2013-03-12 12:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013-03-12 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\IrfanView
[2013-03-12 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\eDownload
[2013-03-12 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\XnView
[2013-03-12 12:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2013-03-12 12:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2013-03-09 21:54:48 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-03-09 21:54:37 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-03-08 12:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-03-07 10:26:04 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-03-07 10:26:04 | 000,422,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys
[2013-03-07 10:26:04 | 000,223,744 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013-03-07 10:26:04 | 000,223,232 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-03-07 10:26:04 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013-03-07 10:26:04 | 000,098,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013-03-07 10:26:04 | 000,087,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013-03-07 10:26:04 | 000,072,192 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013-03-07 10:26:04 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-03-07 10:26:04 | 000,028,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013-03-07 10:26:04 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
[2013-03-07 10:26:04 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-03-04 13:53:41 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\FastStone
[2013-03-02 19:56:59 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\TeamViewer
[2013-02-27 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\alex\Documents\SimCity 4
[2013-02-27 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimCity 4
[2013-02-27 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 4
[2013-02-27 20:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimCity 4
[2013-02-26 19:58:51 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\GHISLER
[2013-02-18 18:35:50 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\Teksty synonimizowane
[2013-02-16 15:27:07 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-03-15 00:07:11 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-15 00:07:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-15 00:06:57 | 3148,419,072 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-15 00:06:08 | 000,001,286 | ---- | M] () -- C:\Users\alex\Desktop\Google Chrome.lnk
[2013-03-15 00:05:47 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-03-15 00:05:47 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013-03-14 23:28:53 | 000,004,523 | ---- | M] () -- C:\Users\alex\AppData\Roaming\CamStudio.cfg
[2013-03-14 23:28:53 | 000,000,408 | ---- | M] () -- C:\Users\alex\AppData\Roaming\CamShapes.ini
[2013-03-14 23:28:53 | 000,000,408 | ---- | M] () -- C:\Users\alex\AppData\Roaming\CamLayout.ini
[2013-03-14 23:28:53 | 000,000,050 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Camdata.ini
[2013-03-14 23:21:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-14 23:20:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-14 21:00:31 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2013-03-14 13:11:49 | 000,018,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-14 13:11:49 | 000,018,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-14 13:08:45 | 001,863,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-14 13:08:45 | 000,808,858 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-03-14 13:08:45 | 000,722,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-14 13:08:45 | 000,182,460 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-03-14 13:08:45 | 000,148,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-14 02:34:28 | 000,016,965 | ---- | M] () -- C:\Users\alex\Desktop\Wykorzystane multikody.odt
[2013-03-13 12:21:49 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-03-13 12:21:49 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-03-12 23:12:32 | 000,060,065 | ---- | M] () -- C:\Users\alex\Desktop\global.css
[2013-03-12 12:19:03 | 000,001,789 | ---- | M] () -- C:\Users\alex\Desktop\XnView.lnk
[2013-03-11 23:07:59 | 000,279,276 | ---- | M] () -- C:\Users\alex\Desktop\279816_525576997493732_255206844_o.jpg
[2013-03-11 15:32:26 | 000,014,930 | ---- | M] () -- C:\Users\alex\Documents\ściąga%20biola.odt_0.odt
[2013-03-11 15:17:12 | 000,000,103 | -H-- | M] () -- C:\Users\alex\Desktop\.~lock.ściąga biola.odt#
[2013-03-09 21:54:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013-03-09 21:54:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013-03-09 21:54:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-03-09 21:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-03-09 21:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-03-09 21:54:31 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-03-06 23:47:19 | 000,780,980 | ---- | M] () -- C:\Users\alex\Desktop\white-paper-seo-en.pdf
[2013-03-02 00:10:33 | 000,016,143 | ---- | M] () -- C:\Users\alex\Desktop\ściąga biola.odt
[2013-02-17 00:04:14 | 000,114,100 | ---- | M] () -- C:\Users\alex\Documents\Video call snapshot 20.png
[2013-02-16 15:27:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013-02-15 00:03:37 | 000,053,907 | ---- | M] () -- C:\Users\alex\Desktop\wtum85.jpg.png

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-03-14 23:28:53 | 000,000,408 | ---- | C] () -- C:\Users\alex\AppData\Roaming\CamShapes.ini
[2013-03-14 23:28:53 | 000,000,408 | ---- | C] () -- C:\Users\alex\AppData\Roaming\CamLayout.ini
[2013-03-14 23:28:53 | 000,000,050 | ---- | C] () -- C:\Users\alex\AppData\Roaming\Camdata.ini
[2013-03-14 23:10:58 | 000,004,523 | ---- | C] () -- C:\Users\alex\AppData\Roaming\CamStudio.cfg
[2013-03-14 21:00:31 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2013-03-12 12:19:03 | 000,001,789 | ---- | C] () -- C:\Users\alex\Desktop\XnView.lnk
[2013-03-11 23:07:58 | 000,279,276 | ---- | C] () -- C:\Users\alex\Desktop\279816_525576997493732_255206844_o.jpg
[2013-03-11 18:39:20 | 000,014,930 | ---- | C] () -- C:\Users\alex\Documents\ściąga%20biola.odt_0.odt
[2013-03-11 15:17:12 | 000,000,103 | -H-- | C] () -- C:\Users\alex\Desktop\.~lock.ściąga biola.odt#
[2013-03-11 01:47:14 | 000,060,065 | ---- | C] () -- C:\Users\alex\Desktop\global.css
[2013-03-06 23:47:19 | 000,780,980 | ---- | C] () -- C:\Users\alex\Desktop\white-paper-seo-en.pdf
[2013-02-17 21:53:57 | 000,016,965 | ---- | C] () -- C:\Users\alex\Desktop\Wykorzystane multikody.odt
[2013-02-16 15:27:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013-02-16 15:27:24 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013-02-15 00:03:35 | 000,053,907 | ---- | C] () -- C:\Users\alex\Desktop\wtum85.jpg.png
[2012-10-30 02:13:01 | 000,002,531 | ---- | C] () -- C:\Users\alex\AppData\Local\recently-used.xbel
[2012-06-30 18:19:07 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2012-06-18 17:31:42 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2012-05-29 15:36:53 | 000,007,605 | ---- | C] () -- C:\Users\alex\AppData\Local\Resmon.ResmonCfg
[2012-05-26 17:33:44 | 000,000,600 | ---- | C] () -- C:\Users\alex\AppData\Roaming\winscp.rnd
[2012-05-15 21:22:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\ltserial.dll
[2012-05-12 19:39:15 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-05-12 19:31:30 | 001,839,254 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-19 14:17:23 | 000,000,103 | ---- | C] () -- C:\Windows\pro.INI
[2012-03-28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-03-28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-03-28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-03-28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-03-28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-01-30 18:53:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\encryptpdf.dat
[2012-01-28 22:44:48 | 000,005,632 | ---- | C] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-28 21:52:13 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-10-19 11:53:09 | 000,083,229 | ---- | C] () -- C:\Users\alex\neostrada_990696156611.pdf
[2011-10-19 09:19:00 | 000,001,131 | ---- | C] () -- C:\Users\alex\umk.cer
[2011-10-19 09:18:38 | 000,024,706 | ---- | C] () -- C:\Users\alex\vista.htm
[2011-09-03 21:32:20 | 003,097,252 | ---- | C] () -- C:\Users\alex\GE620_Polish.pdf
[2011-08-11 22:44:20 | 000,000,411 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011-08-11 22:44:20 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2011-07-13 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\.wtw
[2011-09-03 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Ashampoo
[2012-07-18 12:11:54 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Autodesk
[2012-05-15 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\BESTplayer
[2012-06-18 17:31:48 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\CAD-KAS
[2012-11-16 23:15:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\com.adobe.ExMan
[2013-01-26 13:34:18 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DAEMON Tools Lite
[2012-07-06 10:05:30 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Downloaded Installations
[2013-03-15 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Dropbox
[2013-03-12 12:35:22 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\eDownload
[2013-03-14 13:03:28 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\foobar2000
[2012-11-01 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Free Monitor for Google
[2012-06-29 13:58:26 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\GHISLER
[2012-11-01 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\InsERT GT
[2012-03-12 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ipla
[2013-03-12 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\IrfanView
[2012-08-11 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\LibreOffice
[2012-08-18 17:59:14 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\MAGIX
[2012-06-18 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Nitro PDF
[2012-02-17 23:04:19 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Notepad++
[2011-07-13 16:38:15 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\OpenOffice.org
[2012-07-30 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Opera
[2012-08-18 23:06:31 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Publish Providers
[2012-04-28 10:31:42 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Samsung
[2012-10-24 23:39:56 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ScrapeBox Link Checker Free Edition
[2012-08-18 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Software Informer
[2012-08-19 12:07:06 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Sony
[2013-03-02 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\TeamViewer
[2012-09-02 21:40:28 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Temp
[2012-05-12 14:32:22 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Thunderbird
[2012-10-04 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\uTorrent
[2013-03-12 13:42:33 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\XnView

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
AragornXT
~user
 
Posts: 934
Joined: 02 Jul 2006, 17:29
Commendations: 56



Blank tab replaced in FF + check

Post by wojtas, 15 Mar 2013, 19:25

Delete this folder:
C:\Program Files (x86)\Common Files\337


* Run OTL using the cleanup option.
* Optimize Windows (the instructions are for Windows XP, but it is similar on other systems).
* Run a full scan with Malwarebytes Anti-Malware (update it first; if it finds anything, post the report, and use the program to remove everything you do not recognize).
* Carry out the steps that finalize the thread.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



