Avast odmówił posłuszeństwa.

[potus]

Na ikonce Avast`a po prawej na dole pojawił się krzyżyk. i pojawił się napis: "Antyvirus Avast Ostrzeżenie System nie jest ZABEZPIECZONY"

Komp po załadowaniu i zrobieniu czegokolwiek wiesza się i wyskakuje okienko z napisem:


Aplikacja lub biblioteka DLL C:/PROGRA~1/ALWILS~1/Avast4/ashTask.dll nie jest poprawnym obrazem systemu Windows NT. Sprawdz to z dyskietką instalacyjną.

Mam XP anie NT.
I tylko można kliknąć ok.

W trakcie ładowania jeszcze można coś tak włączyć i przeleciałem AdwCleanerem i Glaryutilites. Glary jak to glary poprawił 22 błędy w rejestrze i tyle. Adv Nic nie znalazł oprócz katalogu po czyś Co w ostatnich dwóch tygodniach wyczyściłem.

Po jednym z resetów Wyskoczyło mi to systemowe skanowanie i dość dużo czegoś tam ponaprawiał. Pisze wtedy :Odzyskiwanie oddzielonego pliku (jakieś numery) do pliku katalogów.

[NieWiem]

Przez grzeczność nie powiem, co myślę o GlaryUtilities, ponieważ na forum obiwiązuje kultura.

Glary jak to glary poprawił 22 błędy w rejestrze i tyle

Gucio prawda. Prędzej to z jego powodu

Pisze wtedy :Odzyskiwanie oddzielonego pliku (jakieś numery) do pliku katalogów.

Możesz sobie mieć XP, ale dalej masz NT. Pogódź się z tym.


Musisz wyłączyć program AV na czas trwania tego skanowania.
Pobierz ZOEK.
Uruchom jako administrator.
W oknie programu wklej następujący skrypt:

Kod: Zaznacz wszystko

autoclean;
process;
systemspecs;
startupall;
services-list;
filescrm;
firefoxlook;
chromelook;
skipfix-iedefaults;
installedprogs;


Upewnij się, że opcja Scan All Users jest zaznaczona.
Wciśnij Run Script i poczekaj na wynikowy raport. Przeklej go.

[potus]

Niestety wirus dopadł mojego (w zasadzie syna) laptopa. Vista tam jest. Podczas uruchamiania kompa programy z autostartu 'przestaly Działać' np. Program Skype.exe przestał działać. Itp avast się odpala ale bez osłon po skanowaniu usunelo paręnaście wirusów ale dalej wszystko to samo czyli programy autostartu mię działają itp. Pisze z telefonu a właściwie syn teraz naprawia wiec witam, jestem Wiktor xd To wszystko z tego postu ja pisałem tata tylko temat zakładał, gdy laptopa naprawie on przejmie pisanie itp bo jego komp Będzie naprawial. Z Zoek'a logi

Spoiler:

Zoek.exe v5.0.0.0 Updated 21-05-2014 Tool run by Wiktor on 2014-06-07 at 18:45:58,23. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 3 x86 Running in: Safe Mode NETWORK No Internet Access Detected Launched: C:\Users\Wiktor\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5DE3A8DF-ADD6-4BAA-8293-91996D5C39B2} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DC5ADBD2-26B5-4B06-8644-AA5450A78203} deleted successfully HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F7DCECA4-D7CA-4672-8D92-99149B81EA8D} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Ableton Live 9 Trial Acer Arcade Deluxe Acer Bio Protection Acer Crystal Eye Webcam Acer Crystal Eye Webcam 2.0.8 Acer Crystal Eye webcam Ver:1.1.59.528 Acer eDataSecurity Management Acer Empowering Technology Acer ePower Management Acer eRecovery Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer Product Registration Acer ScreenSaver Adobe After Effects 7.0 Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Community Help Adobe ExtendScript Toolkit 1.0 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Help Center 2.0 Adobe Media Player Adobe Photoshop CS5 Adobe Photoshop CS5.1 Adobe Reader X (10.1.0) - Polish Adobe Shockwave Player 11.5 Adobe Stock Photos 1.0 Agere Systems HDA Modem Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) Aktualizacje NVIDIA 1.10.8 APB Reloaded avast Free Antivirus Bad Piggies Bandicam Battlefield 3t Battlelog Web Plugins Broadcom Gigabit Integrated Controller BulletStorm Bulletstorm Camtasia Studio 8 CCleaner Cheat Engine 6.2 Choice Guard Clownfish for Skype Counter-Strike 1.6 NonSteam Counter Strike 1.6 wersja CS 1.6 Cube World CyberLink PowerDirector DAEMON Tools Lite Deus Ex: Human Revolution DirectX for Managed Code Update (Summer 2004) Drumsite 1.7 (demo) EA Sports FIFA World Facebook Messenger 2.1.4814.0 Facebook Video Calling 2.0.0.447 Fakturka 1.07 Fakturka 1.30 Far Cry 2 FIFA 13 FileViewPro Foxtab Free Studio version 2013 FreeArc 0.666 Galeria fotografii usˆugi Windows Live Gameforge Live 2.0.2 GamersFirst LIVE GameSpy Comrade GG Giants GIMP 2.6.11 Glary Utilities 4.3 Google Chrome Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Deskjet 1050 J410 series Podstawowe oprogramowanie urz¥dzenia HP Deskjet 1050 J410 series Pomoc IntelR Matrix Storage Manager IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Java 7 Update 51 Java Auto Updater Java(TM) 6 Update 24 JMicron JMB38X Flash Media Controller K-Lite Codec Pack 5.4.4 (Basic) KAG 0.95A LightScribe 1.4.142.1 LogMeIn Hamachi Malwarebytes' Anti-Malware wersja 1.51.1.1800 Media Watch Microsoft .NET Framework 3.5 Language Pack SP1 - plk Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (PLK) Microsoft .NET Framework 4.5.1 (Polski) Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Polish) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (Polish) 2007 Microsoft Office PowerPoint MUI (Polish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Polish) 2007 Microsoft Office Proofing (Polish) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (Polish) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (Polish) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft Works Microsoft XNA Framework Redistributable 4.0 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Minecraft Pingwin Pack 4 wersja 4.0 MiniTool Partition Wizard Home Edition 7.6.1 Mount&Blade With Fire and Sword MOV to AVI MPEG WMV Converter 6.2.0411 Mozilla Firefox 8.0.1 (x86 pl) Mp3 Knife 3.2 MSVC80_x86 MSVCRT Narz©dzie do przekazywania usˆugi Windows Live Need for Speedt Most Wanted Nokia Connectivity Cable Driver Nokia PC Suite Norton Security Scan Notepad++ NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 NVIDIA Install Application NVIDIA Oprogramowanie systemu PhysX 9.12.0604 NVIDIA PhysX NVIDIA Sterownik d«wi©ku HD 1.3.18.0 NVIDIA Sterownik graficzny 307.83 NVIDIA Update Components Oddworld: Abe's Exoddus (remove only) Odkurzacz 12.6 Ogniem i Mieczem - Dzikie Pola OpenOffice.org 3.1 Origin Pakiet j©zykowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 - PLK Pando Media Booster Panel sterowania NVIDIA 307.83 Paper Chase 2 PC Tools Firewall Plus 7.0 PDF Architect PDF Editor 4 PDF Settings CS5 PDFCreator PhotoScape PileFile downloader Pivot Stickfigure Animator PlayLinc PlayReady PC Runtime x86 Poczta usˆugi Windows Live Podstawowe programy Windows Live QuickTime RAYMANM RealPlayer RealUpgrade 1.0 Rockstar Games Social Club Sam and Max - Sezon 1 S¥siedzi z Piekˆa Rodem 1 i 2 SBKRX Superbike World Championship Scan2PDF 1.6 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition Settlers IV - Zˆota Edycja SGP Baltie 3 SimCity 2000R Special Edition SimCity 4 Deluxe Skypet 6.16 Software Version Updater Sony PC Companion 2.10.197 SPOREt Sumotori Dreams Sumotori Full Version Super Mario Bros v1.0 Synaptics Pointing Device Driver TeamSpeak 3 Client Testy gimnazjalne 2012 CD 1 1.0 Testy gimnazjalne 2012 CD 2 1.0 Testy Sz¢stoklasisty 2013 The Elder Scrolls V: Skyrim Tony Hawk's Pro Skater 3R Tony Hawk's Underground Tony Hawk's Underground 2 Total Commander Ultima Prime 5.9.0.0 Transformice Tricky Truck 2.31 Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition uTorrent Virtual Bus VirtualBus A6C RC2.2 VirtualDJ Home FREE Visual Basic 5.0 Visual Basic 5.0 (c:\\Windows\\system32\\) Visual Basic 5.0 (C:\\Windows\\system32\\) #3 Visual Basic 5.0 (C:\\Windows\\system32\\) #4 Visual Basic 5.0 (C:\\Windows\\system32\\) #5 Warblade Winbond CIR Device Drivers Windows Live Communications Platform Windows Live ID Sign-in Assistant Windows Live Messenger Windows Live Sync Windows Live Writer Windows Media Player Firefox Plugin Windows Movie Maker 2.6 Zuma Deluxe ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\Explorer.EXE C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe C:\Users\Wiktor\Downloads\zoek.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\OpenOffice.org 3\program\swriter.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\update GreyGray deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\update GreyGray deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\util GreyGray deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\util GreyGray deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Wiktor\AppData\Roaming\GG\Profiles\53l1vrvv.3785755 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1905_.backup ProfilePath: C:\Users\Wiktor\AppData\Roaming\GG\Profiles\9v8bvgnp.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1905_.backup ProfilePath: C:\Users\Wiktor\AppData\Roaming\GG\Profiles\default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1905_.backup ProfilePath: C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default user.js not found ---- Lines WebSearch removed from prefs.js ---- user_pref("browser.search.defaultenginename", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaulturl", "http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43&l=1&q="); user_pref("browser.search.order.1", "WebSearch"); user_pref("browser.search.order.1,S", "WebSearch"); user_pref("browser.search.selectedEngine", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.startup.homepage", "http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43"); user_pref("keyword.URL", "http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43&l=1&q="); ---- Lines 75656794-AB59-4712-BFBC-5D816D56F3BC modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs__1905_.backup ==== Deleting Files \ Folders ====================== C:\Program Files\GreyGray deleted C:\Users\Wiktor\AppData\LocalLow\{282DE089-87FA-0B95-F465-6395DD118ED5} deleted C:\Users\Wiktor\AppData\LocalLow\{8639372A-8EA5-5EE7-A6EE-2A33B047FC01} deleted C:\Users\Wiktor\AppData\LocalLow\{9D51A665-5010-6D16-9339-4E0B6AB3C4E4} deleted C:\Users\Wiktor\AppData\Local\genienext deleted C:\Users\Wiktor\daemonprocess.txt deleted C:\Users\Wiktor\.android deleted C:\PROGRA~2\surf and keep deleted C:\Program Files\surf and keep deleted C:\PROGRA~2\SearchNewTab deleted C:\Program Files\SearchNewTab deleted C:\PROGRA~2\YoutubeAdblocker deleted C:\Program Files\YoutubeAdblocker deleted C:\Program Files\Mobogenie deleted C:\Program Files\Foxtab deleted C:\Program Files\GS Supporter deleted C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\found.000 deleted C:\found.001 deleted C:\Users\Wiktor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk deleted C:\Users\Wiktor\AppData\Roaming\newnext.me deleted C:\Users\Wiktor\AppData\Roaming\FoxTab deleted C:\Users\Wiktor\AppData\Roaming\SkypEmoticons deleted C:\Users\Wiktor\AppData\Roaming\Babylon deleted C:\Users\Wiktor\AppData\Roaming\Oxy deleted C:\Users\Wiktor\AppData\Roaming\Search Settings deleted C:\Users\Wiktor\AppData\Roaming\pdfforge deleted C:\Users\GOEBFF~1\AppData\Roaming\Babylon deleted C:\PROGRA~2\AlawarWrapper deleted C:\PROGRA~2\InstallMate deleted C:\PROGRA~2\Babylon deleted C:\PROGRA~2\Package Cache deleted C:\PROGRA~2\Trymedia deleted C:\Users\Wiktor\AppData\Local\foxtab_speeddial.crx deleted C:\Users\Wiktor\AppData\Local\Oxy deleted C:\Users\Wiktor\AppData\Local\uTorrentBar deleted C:\Users\Wiktor\AppData\Local\Mobogenie deleted C:\Users\Wiktor\AppData\Local\cache deleted C:\Users\Wiktor\AppData\Local\SwvUpdater deleted C:\Users\Wiktor\AppData\Local\Babylon deleted C:\Users\Wiktor\AppData\Local\Conduit deleted C:\Users\Wiktor\AppData\LocalLow\MyWebSearch deleted C:\Users\Wiktor\AppData\LocalLow\facemoods.com deleted C:\Users\Wiktor\AppData\LocalLow\XfireXO deleted C:\Users\Wiktor\AppData\LocalLow\Conduit deleted C:\Users\Wiktor\AppData\LocalLow\FunWebProducts deleted C:\Users\Wiktor\AppData\LocalLow\Toolbar4 deleted C:\Users\GOEBFF~1\AppData\LocalLow\MyWebSearch deleted C:\Users\GOEBFF~1\AppData\LocalLow\XfireXO deleted C:\Users\GOEBFF~1\AppData\LocalLow\uTorrentBar deleted C:\Users\GOEBFF~1\AppData\LocalLow\PriceGong deleted C:\Users\GOEBFF~1\AppData\LocalLow\Conduit deleted C:\Users\GOEBFF~1\AppData\LocalLow\ConduitEngine deleted C:\Users\GOEBFF~1\AppData\LocalLow\FunWebProducts deleted C:\Users\GOEBFF~1\AppData\LocalLow\Toolbar4 deleted C:\Windows\wininit.ini deleted C:\Windows\system32\tasks\RunAsStdUser Task deleted C:\Windows\tasks\FoxTab.job deleted C:\Windows\system32\tasks\FoxTab deleted C:\Windows\System32\AI_RecycleBin deleted C:\Users\Wiktor\Documents\Mobogenie deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\askcom.xml deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\daemon-search.xml deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\mywebsearch.xml deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\search.xml deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\WebSearch.xml deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\staged deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\CT2304157 deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\CT2704262 deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\CT2786678 deleted C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\conduit deleted C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\conduitCommon deleted "C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\conduit.xml" deleted "C:\PROGRA~2\af2e70bf1cd45ebd\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted "C:\PROGRA~2\af2e70bf1cd45ebd\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}" deleted "C:\PROGRA~2\af2e70bf1cd45ebd\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}.old" deleted "C:\PROGRA~2\af2e70bf1cd45ebd\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted "C:\PROGRA~2\af2e70bf1cd45ebd\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted "C:\Users\Wiktor\AppData\Roaming\XnView\category.db" deleted "C:\Users\Wiktor\AppData\Roaming\XnView\XnView.db" deleted "C:\PROGRA~2\af2e70bf1cd45ebd" deleted "C:\Users\Wiktor\AppData\Roaming\XnView" deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "BANDICAM"="C:\Program Files\Bandicam\bdcam.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "uTorrent"="C:\Users\Wiktor\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "EADM"="D:\Origin\Origin.exe -AutoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe show" "CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin" "00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe -s" "LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "BANDICAM"="C:\Program Files\Bandicam\bdcam.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "uTorrent"="C:\Users\Wiktor\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "EADM"="D:\Origin\Origin.exe -AutoStart" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~1\\websea~1\\sprote~1.dll" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS5.5ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\CS5.5ServiceManager\\CS5.5ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Clownfish] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Clownfish" "hkey"="HKCU" "command"="\"C:\\Program Files\\Clownfish\\Clownfish.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ePower_DMC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ePower_DMC" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\Wiktor\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GameXN" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN (news)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GameXN (news)" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN (update)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GameXN (update)" "hkey"="HKCU" "command"="\"C:\\ProgramData\\GameXN\\GameXNGO.exe\" /u" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GG" "hkey"="HKCU" "command"="\"C:\\Users\\Wiktor\\AppData\\Local\\GG\\Application\\gghub.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\Wiktor\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogMeIn Hamachi Ui" "hkey"="HKLM" "command"="\"C:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware (reboot)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Malwarebytes Anti-Malware (reboot)" "hkey"="HKLM" "command"="\"C:\\Skanery\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Malwarebytes' Anti-Malware (reboot)" "hkey"="HKLM" "command"="\"C:\\Skanery\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCplDaemon" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Odkurzacz-MCD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Odkurzacz-MCD" "hkey"="HKCU" "command"="C:\\Program Files\\Odkurzacz\\odk_mcd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sony PC Companion" "hkey"="HKCU" "command"="\"C:\\Program Files\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TkBellExe" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"D:\\Gry\\Utorrent\\uTorrent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] "item"="Adobe Gamma" "path"="C:\\Users\\Wiktor\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk" "backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk] "item"="Facebook Messenger" "path"="C:\\Users\\Wiktor\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Facebook Messenger.lnk" "backup"="C:\\Windows\\pss\\Facebook Messenger.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Wiktor\\AppData\\Local\\Facebook\\MESSEN~1\\214814~1.0\\FACEBO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] "item"="GamersFirst LIVE!" "path"="C:\\Users\\Wiktor\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GamersFirst LIVE!.lnk" "backup"="C:\\Windows\\pss\\GamersFirst LIVE!.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Wiktor\\AppData\\Local\\GAMERS~2\\LIVE!\\Live.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] "item"="Orion" "backup"="C:\\Windows\\pss\\Orion.lnk.Startup" "backupExtension"=".Startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk] "item"="Xfire" "backup"="C:\\Windows\\pss\\Xfire.lnk.Startup" "backupExtension"=".Startup" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\AmiUpdXp.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000Core.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000UA.job --a------ C:\Users\Wiktor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-26 14:06] C:\Windows\tasks\GlaryInitialize 4.job --a------ C:\Program Files\Glary Utilities 4\Initialize.exe [2013-12-24 04:02] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-03 10:36] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-03 10:36] C:\Windows\tasks\Norton Security Scan for Wiktor.job --a------ C:\Program Files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-01 19:58] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Wiktor-PC-Wiktor" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000Core" [C:\Users\Wiktor\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000UA" [C:\Users\Wiktor\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\GlaryInitialize 4" [C:\Program Files\Glary Utilities 4\Initialize.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Norton Security Scan for Wiktor" [C:\Program Files\Norton Security Scan\Engine\2.3.0.44\Nss.exe] "C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-993344782-977236109-1894507152-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-993344782-977236109-1894507152-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\{E127DCF2-2767-4C58-A9E3-BC6E8287CBA7}" ["c:\users\wiktor\appdata\local\google\chrome\application\chrome.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "ext@MediaWatchV1home846.net"="C:\Program Files\MediaWatchV1\MediaWatchV1home846\ff" [2014-03-23 12:03] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default - Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home846\ff - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - Undetermined - %ProfilePath%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}-trash ==== Firefox Plugins ====================== Profilepath: C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default 5AD4E19D583FA285F4B5CCB7784A28C2 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash C47920B4F36C19F97BD2EC19481387E5 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin 4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U24 8E2810B436C017FBAD000FE6DD032462 - C:\ProgramData\Gadu-Gadu 10\_userdata\npgg.4.dll - Gadu-Gadu Plug-in BCA175A4D68910B97C9391F2B5F02A4D - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat FC3AED6C55AD01E421F7ED806A34F2F4 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll - RealPlayer Version Plugin 287DE6B593674F6E717601FBAC5E64B7 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 6DADEF4C86EFED0F9A80465AB2D305C1 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7 ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bmbpbcpokffodhpcdjaoopolhdlbconi - No path found[] dchmpbaclbiioedakpcldenooikekokm - C:\Users\Wiktor\AppData\Local\foxtab_speeddial.crx[] dhkplhfnhceodhffomolpfigojocbpcb - No path found[] eidphapafeokcphbgnlebckpcpebcfnj - C:\Program Files\MediaWatchV1\MediaWatchV1home846\ch\MediaWatchV1home846.crx[2014-03-20 16:49] kpionmjnkbpcdpcflammlgllecmejgjj - No path found[] nhogbcndagiknbfomjgdeghehkljalhi - C:\Program Files\GreyGray\nhogbcndagiknbfomjgdeghehkljalhi.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions dchmpbaclbiioedakpcldenooikekokm - C:\Users\Wiktor\AppData\Local\foxtab_speeddial.crx[] save. net - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold Google Docs - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Media Watch - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj AdBlock - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia GreyGray - Wiktor\AppData\Local\Chromium\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi Media Watch - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj Eliminator Slajdów - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eplekpmdodlgejgogbojajncdlapamff AdBlock - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda save. net - GOEBFF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold ==== Chrome Fix ====================== C:\Users\Wiktor\AppData\Local\Chromium\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully C:\Users\Wiktor\AppData\Local\Chromium\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold deleted successfully C:\Users\GOEBFF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0509&m=aspire_7730g" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0509&m=aspire_7730g" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {3E0D4DF8-CDC1-4D0A-89CC-8B30CFDF3DBD} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_pl" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94A1251A-68BA-B609-F270-D95B24106E94} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FA5448B8-C99D-AAB5-A1C3-2D3F2A32FAE4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bmbpbcpokffodhpcdjaoopolhdlbconi deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nhogbcndagiknbfomjgdeghehkljalhi deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news) deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update) deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gosc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gosc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wiktor\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\GOEBFF~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\GOEBFF~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wiktor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Gosc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Wiktor\AppData\Local\Chromium\User Data\Default\Cache emptied successfully C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2804 folders=526 146462408 bytes) ==== Empty Temp Folders ====================== C:\Users\Gosc\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Users\Wiktor\AppData\Local\Temp will be emptied at reboot C:\Users\GOEBFF~1\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Wiktor\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Wiktor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on 2014-06-07 at 19:18:47,91 ======================

Dodano 07.06.2014 18:55:46:
A tu z OTL'a sorka za doublepost ale na smartphone ciężko się kopiuje i wkleja szczególnie z tą cegłą od ojca

Spoiler:

OTL logfile created on: 2014-06-07 19:28:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wiktor\Desktop Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,04% Memory free 7,39 Gb Paging File | 7,01 Gb Available in Paging File | 94,87% Paging File free Paging file location(s): c:\pagefile.sys 4599 4624 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,54 Gb Total Space | 40,67 Gb Free Space | 28,53% Space Free | Partition Type: NTFS Drive D: | 142,54 Gb Total Space | 20,15 Gb Free Space | 14,14% Space Free | Partition Type: NTFS Drive H: | 953,69 Mb Total Space | 567,28 Mb Free Space | 59,48% Space Free | Partition Type: FAT Computer Name: WIKTOR-PC | User Name: Wiktor | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Processes (SafeList) ========== PRC - [2014-06-07 19:22:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wiktor\Desktop\OTL-1.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008-01-21 04:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe ========== Modules (No Company Name) ========== MOD - [2012-06-18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll MOD - [2010-02-24 10:18:12 | 000,065,536 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\mp3wrtr.dll MOD - [2010-02-24 10:18:11 | 000,086,016 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\aviwrtr.dll MOD - [2010-02-24 10:18:11 | 000,081,920 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\aacwrtr.dll MOD - [2010-02-24 10:18:11 | 000,065,536 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\flvwrtr.dll MOD - [2010-02-24 10:18:11 | 000,049,152 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\avifformat.dll MOD - [2009-01-30 15:26:06 | 000,160,768 | ---- | M] () -- C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll ========== Services (SafeList) ========== SRV - [2014-05-29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014-05-13 14:29:22 | 001,682,768 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2014-04-16 17:16:40 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2014-04-15 16:07:50 | 000,375,056 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-04-08 19:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Stopped] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2013-04-08 19:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Stopped] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013-02-04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2013-01-31 13:21:23 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-01-24 14:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-05-13 11:05:41 | 003,471,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2008-07-20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008-03-21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008-03-18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008-03-05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DKbFltr.sys -- (DKbFltr) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aghepdys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adusbser.sys -- (adusbser) DRV - [2014-04-16 17:16:47 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2014-04-16 17:16:47 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2014-04-16 17:16:47 | 000,180,760 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2014-04-16 17:16:47 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2014-04-16 17:16:47 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2014-04-16 17:16:47 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2014-04-16 17:16:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013-12-23 06:01:30 | 000,014,528 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BootDefragDriver.sys -- (BootDefragDriver) DRV - [2013-01-31 13:21:23 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012-08-20 16:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio) DRV - [2012-08-20 16:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio) DRV - [2012-07-03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011-04-26 09:20:00 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2011-03-02 13:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent) DRV - [2011-01-26 19:28:20 | 000,024,680 | ---- | M] (CaptainFlint Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2011-01-20 11:18:49 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011-01-17 10:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2011-01-17 09:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw) DRV - [2011-01-12 11:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter) DRV - [2010-07-08 09:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP) DRV - [2010-07-08 09:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009-05-13 11:05:38 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2009-03-19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009-02-09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-02-09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-02-09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-02-09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2008-07-10 15:43:32 | 000,015,872 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2008-05-09 12:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008-04-28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008-04-21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008-04-17 15:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-02-29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008-01-16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007-03-28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007-02-08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2007-01-26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006-08-29 00:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gan_adapter.sys -- (hamachi_oem) DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com?searchso [Binary data over 200 bytes] IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\URLSearchHook: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - No CLSID value found IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes\{3E0D4DF8-CDC1-4D0A-89CC-8B30CFDF3DBD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_pl IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.8.0.8 FF - prefs.js..extensions.enabledAddons: {32b29df0-2237-4370-9a29-37cebb730e9b}:3.9.0.3 FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.10.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files\GameSpy\Comrade\npcomrade.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wiktor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wiktor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Wiktor\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-11 19:47:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-02-24 10:19:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-16 17:16:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaWatchV1home846.net: C:\Program Files\MediaWatchV1\MediaWatchV1home846\ff [2014-03-23 12:03:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Firefox\plugins [2009-07-16 12:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Extensions [2014-06-07 19:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Firefox\Profiles\xprqsvtf.default\extensions [2010-04-28 00:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-06-07 19:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}-trash [2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Wiktor\AppData\Roaming\mozilla\firefox\profiles\xprqsvtf.default\searchplugins\startsear.xml [2014-03-23 12:03:02 | 000,000,000 | ---D | M] (Media Watch) -- C:\PROGRAM FILES\MEDIAWATCHV1\MEDIAWATCHV1HOME846\FF File not found (No name found) -- C:\USERS\WIKTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XPRQSVTF.DEFAULT\EXTENSIONS\{32B29DF0-2237-4370-9A29-37CEBB730E9B} File not found (No name found) -- C:\USERS\WIKTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XPRQSVTF.DEFAULT\EXTENSIONS\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} File not found (No name found) -- C:\USERS\WIKTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XPRQSVTF.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Error reading preferences file CHR - Extension: Media Watch = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj\1.1_0\ CHR - Extension: Media Watch = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj\1.1_1\ CHR - Extension: No name found = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eplekpmdodlgejgogbojajncdlapamff\3.0.7_0\ CHR - Extension: No name found = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\ CHR - Extension: No name found = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - No CLSID value found. O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O3 - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [BANDICAM] C:\Program Files\Bandicam\bdcam.exe (www.Bandisoft.com) O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [EADM] D:\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [uTorrent] C:\Users\Wiktor\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 - %SystemRoot%\System32\mswsock.dll File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.51.2) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.51.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96EA29A9-DD3D-463B-BC96-0F14063CE428}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Users\Wiktor\Desktop\Szopen\Background5 Czerwone iskry.jpg O24 - Desktop BackupWallPaper: C:\Users\Wiktor\Desktop\Szopen\Background5 Czerwone iskry.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2014-02-25 17:36:41 | 000,000,000 | ---D | M] - D:\AutoSavy Minecraft -- [ NTFS ] O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\AutoRun\command - "" = F:\kratakje\\\tospoj.exe O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\explore\command - "" = F:\kratakje\\\tospoj.exe O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\Install\command - "" = F:\kratakje\\\tospoj.exe O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\open\command - "" = F:\kratakje\\\tospoj.exe O33 - MountPoints2\{064346f5-7f86-11e3-b791-00304f26f139}\Shell - "" = AutoRun O33 - MountPoints2\{064346f5-7f86-11e3-b791-00304f26f139}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{4b9accb7-64c0-11de-8eb6-00238b92ab2f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{5ea1b87d-78e8-11de-a268-00238b92ab2f}\Shell - "" = AutoRun O33 - MountPoints2\{5ea1b87d-78e8-11de-a268-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{5ea1b87f-78e8-11de-a268-00238b92ab2f}\Shell - "" = AutoRun O33 - MountPoints2\{5ea1b87f-78e8-11de-a268-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6fda0082-751e-11de-a8d3-00238b92ab2f}\Shell - "" = AutoRun O33 - MountPoints2\{6fda0082-751e-11de-a8d3-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6fda00aa-751e-11de-a8d3-00238b92ab2f}\Shell - "" = AutoRun O33 - MountPoints2\{6fda00aa-751e-11de-a8d3-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8db1301c-d39c-11de-95af-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8db1301c-d39c-11de-95af-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a7b94954-8af5-11de-9acf-00238b92ab2f}\Shell - "" = AutoRun O33 - MountPoints2\{a7b94954-8af5-11de-9acf-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b40084e2-7f30-11de-9698-00238b92ab2f}\Shell - "" = AutoRun O33 - MountPoints2\{b40084e2-7f30-11de-9698-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d572e418-3ed8-11de-ac50-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d572e418-3ed8-11de-ac50-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cda_menu.exe O33 - MountPoints2\{e8ad7edc-6fd5-11e0-b1bf-00304f26f139}\Shell - "" = AutoRun O33 - MountPoints2\{e8ad7edc-6fd5-11e0-b1bf-00304f26f139}\Shell\AutoRun\command - "" = F:\CD2.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 7 Days ========== [2014-06-07 19:24:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wiktor\Desktop\OTL-1.exe [2014-06-07 19:19:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014-06-07 19:10:48 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2014-06-07 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Wiktor\AppData\Local\Temp [2014-06-07 14:51:22 | 000,000,000 | ---D | C] -- C:\zoek_backup [2014-06-07 06:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft [2014-06-03 19:23:11 | 000,000,000 | ---D | C] -- C:\Users\Wiktor\Desktop\!BandiCam Całość [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 7 Days ========== [2014-06-07 19:24:01 | 000,713,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2014-06-07 19:24:01 | 000,633,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014-06-07 19:24:01 | 000,151,144 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2014-06-07 19:24:01 | 000,119,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014-06-07 19:23:56 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2014-06-07 19:22:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wiktor\Desktop\OTL-1.exe [2014-06-07 19:17:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-06-07 19:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014-06-07 19:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014-06-07 18:45:52 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2014-06-07 17:20:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2014-06-07 14:21:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2014-06-07 06:11:03 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job [2014-06-06 21:53:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-06-06 20:11:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000UA.job [2014-06-06 19:59:04 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2014-06-06 15:35:49 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-06-05 20:48:22 | 000,065,667 | ---- | M] () -- C:\Users\Wiktor\Desktop\gks_katowice_dopuki_walczysz.jpg [2014-06-04 20:18:34 | 000,017,541 | ---- | M] () -- C:\Users\Wiktor\Desktop\ada podobasz xd.jpg [2014-06-03 19:22:57 | 000,136,192 | ---- | M] () -- C:\Users\Wiktor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014-06-03 14:11:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000Core.job [2014-06-02 18:41:18 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014-06-07 19:10:49 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2014-06-05 20:48:22 | 000,065,667 | ---- | C] () -- C:\Users\Wiktor\Desktop\gks_katowice_dopuki_walczysz.jpg [2014-06-04 20:18:34 | 000,017,541 | ---- | C] () -- C:\Users\Wiktor\Desktop\ada podobasz xd.jpg [2014-06-02 18:41:18 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn [2014-06-02 18:41:18 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for [2014-04-27 12:43:51 | 000,000,132 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\Preferencje Adobe CS5 dla formatu BMP [2014-03-23 12:03:50 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014-03-17 18:12:57 | 000,008,484 | ---- | C] () -- C:\Users\Wiktor\AppData\Local\d3d9caps.dat [2014-01-07 16:09:20 | 000,082,072 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe [2014-01-06 16:10:22 | 000,000,302 | ---- | C] () -- C:\Windows\Fakturka.ini [2013-12-19 17:33:15 | 000,000,132 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2013-12-19 10:21:04 | 000,000,142 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\WB.CFG [2013-09-14 12:26:43 | 000,002,698 | ---- | C] () -- C:\Users\Wiktor\.recently-used.xbel [2013-09-14 11:38:32 | 000,000,250 | ---- | C] () -- C:\Windows\thug2.ini [2013-07-04 14:53:16 | 000,000,258 | ---- | C] () -- C:\Windows\thug.ini [2013-07-01 18:40:05 | 000,000,706 | ---- | C] () -- C:\Windows\Thps3.INI [2013-04-23 15:21:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll [2013-04-18 20:58:39 | 000,836,608 | ---- | C] () -- C:\Program Files\The Pivot Animation.exe [2013-03-19 13:21:35 | 000,180,760 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013-03-19 13:21:34 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2012-12-02 16:47:52 | 002,872,000 | ---- | C] () -- C:\Windows\System32\pwNative.exe [2012-12-02 16:47:51 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2012-12-02 16:46:57 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys [2012-10-28 18:07:49 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2012-03-16 23:30:37 | 000,016,384 | -H-- | C] () -- C:\Users\Wiktor\photothumb.db [2011-09-10 19:26:35 | 000,138,056 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\PnkBstrK.sys [2011-05-25 20:05:11 | 005,844,955 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\BabysMod.zip [2011-03-26 16:21:59 | 005,168,286 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\World1.zip [2011-03-17 19:40:57 | 000,805,085 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\MrMModsv1_8_1.zip [2010-06-16 21:07:01 | 000,000,552 | ---- | C] () -- C:\Users\Wiktor\AppData\Local\d3d8caps.dat [2010-04-04 21:06:20 | 000,033,819 | ---- | C] () -- C:\Users\Wiktor\focia.jpeg [2010-02-23 20:34:20 | 000,065,288 | ---- | C] () -- C:\Users\Wiktor\124882959213.gif [2010-02-22 15:44:07 | 000,165,686 | ---- | C] () -- C:\Users\Wiktor\serwer.jpg [2010-02-22 09:06:26 | 000,022,706 | ---- | C] () -- C:\Users\Wiktor\0ff67e799f.jpeg [2009-08-17 15:55:24 | 000,022,432 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\UserTile.png [2009-07-15 07:34:27 | 000,000,000 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\wklnhst.dat [2009-07-09 10:36:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009-06-03 15:14:43 | 000,136,192 | ---- | C] () -- C:\Users\Wiktor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:C31F31E6 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:671329E4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9F683177 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:580E04D8 < End of report >

Dodano 07.06.2014 19:31:44:
Tu chyba będzie lepiej widać

Zoek.exe

Spoiler:

Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by Wiktor on 2014-06-07 at 18:45:58,23.
Microsoft� Windows Vista� Home Premium 6.0.6002 Service Pack 3 x86
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\Wiktor\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\yMicrosoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5DE3A8DF-ADD6-4BAA-8293-91996D5C39B2} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DC5ADBD2-26B5-4B06-8644-AA5450A78203} deleted successfully
HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F7DCECA4-D7CA-4672-8D92-99149B81EA8D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
Ableton Live 9 Trial
Acer Arcade Deluxe
Acer Bio Protection
Acer Crystal Eye Webcam
Acer Crystal Eye Webcam 2.0.8
Acer Crystal Eye webcam Ver:1.1.59.528
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Product Registration
Acer ScreenSaver
Adobe After Effects 7.0
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop CS5.1
Adobe Reader X (10.1.0) - Polish
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Agere Systems HDA Modem
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)
Aktualizacje NVIDIA 1.10.8
APB Reloaded
avast Free Antivirus
Bad Piggies
Bandicam
Battlefield 3t
Battlelog Web Plugins
Broadcom Gigabit Integrated Controller
BulletStorm
Bulletstorm
Camtasia Studio 8
CCleaner
Cheat Engine 6.2
Choice Guard
Clownfish for Skype
Counter-Strike 1.6 NonSteam
Counter Strike 1.6 wersja CS 1.6
Cube World
CyberLink PowerDirector
DAEMON Tools Lite
Deus Ex: Human Revolution
DirectX for Managed Code Update (Summer 2004)
Drumsite 1.7 (demo)
EA Sports FIFA World
Facebook Messenger 2.1.4814.0
Facebook Video Calling 2.0.0.447
Fakturka 1.07
Fakturka 1.30
Far Cry 2
FIFA 13
FileViewPro
Foxtab
Free Studio version 2013
FreeArc 0.666
Galeria fotografii us�ugi Windows Live
Gameforge Live 2.0.2
GamersFirst LIVE
GameSpy Comrade
GG
Giants
GIMP 2.6.11
Glary Utilities 4.3
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1050 J410 series Podstawowe oprogramowanie urz�dzenia
HP Deskjet 1050 J410 series Pomoc
IntelR Matrix Storage Manager
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 24
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 5.4.4 (Basic)
KAG 0.95A
LightScribe 1.4.142.1
LogMeIn Hamachi
Malwarebytes' Anti-Malware wersja 1.51.1.1800
Media Watch
Microsoft .NET Framework 3.5 Language Pack SP1 - plk
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (PLK)
Microsoft .NET Framework 4.5.1 (Polski)
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Polish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minecraft Pingwin Pack 4 wersja 4.0
MiniTool Partition Wizard Home Edition 7.6.1
Mount&Blade With Fire and Sword
MOV to AVI MPEG WMV Converter 6.2.0411
Mozilla Firefox 8.0.1 (x86 pl)
Mp3 Knife 3.2
MSVC80_x86
MSVCRT
Narz�dzie do przekazywania us�ugi Windows Live
Need for Speedt Most Wanted
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Security Scan
Notepad++
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Install Application
NVIDIA Oprogramowanie systemu PhysX 9.12.0604
NVIDIA PhysX
NVIDIA Sterownik d�wi�ku HD 1.3.18.0
NVIDIA Sterownik graficzny 307.83
NVIDIA Update Components
Oddworld: Abe's Exoddus (remove only)
Odkurzacz 12.6
Ogniem i Mieczem - Dzikie Pola
OpenOffice.org 3.1
Origin
Pakiet j�zykowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 - PLK
Pando Media Booster
Panel sterowania NVIDIA 307.83
Paper Chase 2
PC Tools Firewall Plus 7.0
PDF Architect
PDF Editor 4
PDF Settings CS5
PDFCreator
PhotoScape
PileFile downloader
Pivot Stickfigure Animator
PlayLinc
PlayReady PC Runtime x86
Poczta us�ugi Windows Live
Podstawowe programy Windows Live
QuickTime
RAYMANM
RealPlayer
RealUpgrade 1.0
Rockstar Games Social Club
Sam and Max - Sezon 1
S�siedzi z Piek�a Rodem 1 i 2
SBKRX Superbike World Championship
Scan2PDF 1.6
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Settlers IV - Z�ota Edycja
SGP Baltie 3
SimCity 2000R Special Edition
SimCity 4 Deluxe
Skypet 6.16
Software Version Updater
Sony PC Companion 2.10.197
SPOREt
Sumotori Dreams
Sumotori Full Version
Super Mario Bros v1.0
Synaptics Pointing Device Driver
TeamSpeak 3 Client
Testy gimnazjalne 2012 CD 1 1.0
Testy gimnazjalne 2012 CD 2 1.0
Testy Sz�stoklasisty 2013
The Elder Scrolls V: Skyrim
Tony Hawk's Pro Skater 3R
Tony Hawk's Underground
Tony Hawk's Underground 2
Total Commander Ultima Prime 5.9.0.0
Transformice
Tricky Truck 2.31
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
uTorrent
Virtual Bus
VirtualBus A6C RC2.2
VirtualDJ Home FREE
Visual Basic 5.0
Visual Basic 5.0 (c:\\Windows\\system32\\)
Visual Basic 5.0 (C:\\Windows\\system32\\) #3
Visual Basic 5.0 (C:\\Windows\\system32\\) #4
Visual Basic 5.0 (C:\\Windows\\system32\\) #5
Warblade
Winbond CIR Device Drivers
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
Zuma Deluxe

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Users\Wiktor\Downloads\zoek.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\update GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\update GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\util GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\util GreyGray deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Wiktor\AppData\Roaming\GG\Profiles\53l1vrvv.3785755

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1905_.backup

ProfilePath: C:\Users\Wiktor\AppData\Roaming\GG\Profiles\9v8bvgnp.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1905_.backup

ProfilePath: C:\Users\Wiktor\AppData\Roaming\GG\Profiles\default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1905_.backup

ProfilePath: C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.startup.homepage", "http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43");
user_pref("keyword.URL", "http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43&l=1&q=");
---- Lines 75656794-AB59-4712-BFBC-5D816D56F3BC modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs__1905_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\GreyGray deleted
C:\Users\Wiktor\AppData\LocalLow\{282DE089-87FA-0B95-F465-6395DD118ED5} deleted
C:\Users\Wiktor\AppData\LocalLow\{8639372A-8EA5-5EE7-A6EE-2A33B047FC01} deleted
C:\Users\Wiktor\AppData\LocalLow\{9D51A665-5010-6D16-9339-4E0B6AB3C4E4} deleted
C:\Users\Wiktor\AppData\Local\genienext deleted
C:\Users\Wiktor\daemonprocess.txt deleted
C:\Users\Wiktor\.android deleted
C:\PROGRA~2\surf and keep deleted
C:\Program Files\surf and keep deleted
C:\PROGRA~2\SearchNewTab deleted
C:\Program Files\SearchNewTab deleted
C:\PROGRA~2\YoutubeAdblocker deleted
C:\Program Files\YoutubeAdblocker deleted
C:\Program Files\Mobogenie deleted
C:\Program Files\Foxtab deleted
C:\Program Files\GS Supporter deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Wiktor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk deleted
C:\Users\Wiktor\AppData\Roaming\newnext.me deleted
C:\Users\Wiktor\AppData\Roaming\FoxTab deleted
C:\Users\Wiktor\AppData\Roaming\SkypEmoticons deleted
C:\Users\Wiktor\AppData\Roaming\Babylon deleted
C:\Users\Wiktor\AppData\Roaming\Oxy deleted
C:\Users\Wiktor\AppData\Roaming\Search Settings deleted
C:\Users\Wiktor\AppData\Roaming\pdfforge deleted
C:\Users\GOEBFF~1\AppData\Roaming\Babylon deleted
C:\PROGRA~2\AlawarWrapper deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Babylon deleted
C:\PROGRA~2\Package Cache deleted
C:\PROGRA~2\Trymedia deleted
C:\Users\Wiktor\AppData\Local\foxtab_speeddial.crx deleted
C:\Users\Wiktor\AppData\Local\Oxy deleted
C:\Users\Wiktor\AppData\Local\uTorrentBar deleted
C:\Users\Wiktor\AppData\Local\Mobogenie deleted
C:\Users\Wiktor\AppData\Local\cache deleted
C:\Users\Wiktor\AppData\Local\SwvUpdater deleted
C:\Users\Wiktor\AppData\Local\Babylon deleted
C:\Users\Wiktor\AppData\Local\Conduit deleted
C:\Users\Wiktor\AppData\LocalLow\MyWebSearch deleted
C:\Users\Wiktor\AppData\LocalLow\facemoods.com deleted
C:\Users\Wiktor\AppData\LocalLow\XfireXO deleted
C:\Users\Wiktor\AppData\LocalLow\Conduit deleted
C:\Users\Wiktor\AppData\LocalLow\FunWebProducts deleted
C:\Users\Wiktor\AppData\LocalLow\Toolbar4 deleted
C:\Users\GOEBFF~1\AppData\LocalLow\MyWebSearch deleted
C:\Users\GOEBFF~1\AppData\LocalLow\XfireXO deleted
C:\Users\GOEBFF~1\AppData\LocalLow\uTorrentBar deleted
C:\Users\GOEBFF~1\AppData\LocalLow\PriceGong deleted
C:\Users\GOEBFF~1\AppData\LocalLow\Conduit deleted
C:\Users\GOEBFF~1\AppData\LocalLow\ConduitEngine deleted
C:\Users\GOEBFF~1\AppData\LocalLow\FunWebProducts deleted
C:\Users\GOEBFF~1\AppData\LocalLow\Toolbar4 deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\tasks\RunAsStdUser Task deleted
C:\Windows\tasks\FoxTab.job deleted
C:\Windows\system32\tasks\FoxTab deleted
C:\Windows\System32\AI_RecycleBin deleted
C:\Users\Wiktor\Documents\Mobogenie deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\askcom.xml deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\daemon-search.xml deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\mywebsearch.xml deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\search.xml deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\WebSearch.xml deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\staged deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\CT2304157 deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\CT2704262 deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\CT2786678 deleted
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\conduit deleted
C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\conduitCommon deleted
"C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default\searchplugins\conduit.xml" deleted
"C:\PROGRA~2\af2e70bf1cd45ebd\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~2\af2e70bf1cd45ebd\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}" deleted
"C:\PROGRA~2\af2e70bf1cd45ebd\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}.old" deleted
"C:\PROGRA~2\af2e70bf1cd45ebd\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted
"C:\PROGRA~2\af2e70bf1cd45ebd\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\Users\Wiktor\AppData\Roaming\XnView\category.db" deleted
"C:\Users\Wiktor\AppData\Roaming\XnView\XnView.db" deleted
"C:\PROGRA~2\af2e70bf1cd45ebd" deleted
"C:\Users\Wiktor\AppData\Roaming\XnView" deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"BANDICAM"="C:\Program Files\Bandicam\bdcam.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"uTorrent"="C:\Users\Wiktor\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"EADM"="D:\Origin\Origin.exe -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe show"
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe -s"
"LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"BANDICAM"="C:\Program Files\Bandicam\bdcam.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"uTorrent"="C:\Users\Wiktor\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"EADM"="D:\Origin\Origin.exe -AutoStart"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\websea~1\\sprote~1.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS5.5ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS5.5ServiceManager\\CS5.5ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Clownfish]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Clownfish"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Clownfish\\Clownfish.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ePower_DMC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ePower_DMC"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Wiktor\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameXN"
"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN (news)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameXN (news)"
"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN (update)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameXN (update)"
"hkey"="HKCU"
"command"="\"C:\\ProgramData\\GameXN\\GameXNGO.exe\" /u"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GG"
"hkey"="HKCU"
"command"="\"C:\\Users\\Wiktor\\AppData\\Local\\GG\\Application\\gghub.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Wiktor\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware (reboot)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes Anti-Malware (reboot)"
"hkey"="HKLM"
"command"="\"C:\\Skanery\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes' Anti-Malware (reboot)"
"hkey"="HKLM"
"command"="\"C:\\Skanery\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCplDaemon"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Odkurzacz-MCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Odkurzacz-MCD"
"hkey"="HKCU"
"command"="C:\\Program Files\\Odkurzacz\\odk_mcd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sony PC Companion"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"D:\\Gry\\Utorrent\\uTorrent.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"item"="Adobe Gamma"
"path"="C:\\Users\\Wiktor\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
"item"="Facebook Messenger"
"path"="C:\\Users\\Wiktor\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Facebook Messenger.lnk"
"backup"="C:\\Windows\\pss\\Facebook Messenger.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Wiktor\\AppData\\Local\\Facebook\\MESSEN~1\\214814~1.0\\FACEBO~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
"item"="GamersFirst LIVE!"
"path"="C:\\Users\\Wiktor\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GamersFirst LIVE!.lnk"
"backup"="C:\\Windows\\pss\\GamersFirst LIVE!.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Wiktor\\AppData\\Local\\GAMERS~2\\LIVE!\\Live.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
"item"="Orion"
"backup"="C:\\Windows\\pss\\Orion.lnk.Startup"
"backupExtension"=".Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Wiktor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
"item"="Xfire"
"backup"="C:\\Windows\\pss\\Xfire.lnk.Startup"
"backupExtension"=".Startup"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\AmiUpdXp.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000UA.job --a------ C:\Users\Wiktor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-26 14:06]
C:\Windows\tasks\GlaryInitialize 4.job --a------ C:\Program Files\Glary Utilities 4\Initialize.exe [2013-12-24 04:02]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-03 10:36]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-03 10:36]
C:\Windows\tasks\Norton Security Scan for Wiktor.job --a------ C:\Program Files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-01 19:58]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Wiktor-PC-Wiktor" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000Core" [C:\Users\Wiktor\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000UA" [C:\Users\Wiktor\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GlaryInitialize 4" [C:\Program Files\Glary Utilities 4\Initialize.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Norton Security Scan for Wiktor" [C:\Program Files\Norton Security Scan\Engine\2.3.0.44\Nss.exe]
"C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-993344782-977236109-1894507152-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-993344782-977236109-1894507152-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\{E127DCF2-2767-4C58-A9E3-BC6E8287CBA7}" ["c:\users\wiktor\appdata\local\google\chrome\application\chrome.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ext@MediaWatchV1home846.net"="C:\Program Files\MediaWatchV1\MediaWatchV1home846\ff" [2014-03-23 12:03]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default
- Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home846\ff
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - %ProfilePath%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}-trash

==== Firefox Plugins ======================

Profilepath: C:\Users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\xprqsvtf.default
5AD4E19D583FA285F4B5CCB7784A28C2 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
C47920B4F36C19F97BD2EC19481387E5 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U24
8E2810B436C017FBAD000FE6DD032462 - C:\ProgramData\Gadu-Gadu 10\_userdata\npgg.4.dll - Gadu-Gadu Plug-in
BCA175A4D68910B97C9391F2B5F02A4D - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live� Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
FC3AED6C55AD01E421F7ED806A34F2F4 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll - RealPlayer Version Plugin
287DE6B593674F6E717601FBAC5E64B7 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
6DADEF4C86EFED0F9A80465AB2D305C1 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bmbpbcpokffodhpcdjaoopolhdlbconi - No path found[]
dchmpbaclbiioedakpcldenooikekokm - C:\Users\Wiktor\AppData\Local\foxtab_speeddial.crx[]
dhkplhfnhceodhffomolpfigojocbpcb - No path found[]
eidphapafeokcphbgnlebckpcpebcfnj - C:\Program Files\MediaWatchV1\MediaWatchV1home846\ch\MediaWatchV1home846.crx[2014-03-20 16:49]
kpionmjnkbpcdpcflammlgllecmejgjj - No path found[]
nhogbcndagiknbfomjgdeghehkljalhi - C:\Program Files\GreyGray\nhogbcndagiknbfomjgdeghehkljalhi.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
dchmpbaclbiioedakpcldenooikekokm - C:\Users\Wiktor\AppData\Local\foxtab_speeddial.crx[]

save. net - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold
Google Docs - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Media Watch - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj
AdBlock - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Gosc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
GreyGray - Wiktor\AppData\Local\Chromium\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi
Media Watch - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj
Eliminator Slajdów - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eplekpmdodlgejgogbojajncdlapamff
AdBlock - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
save. net - GOEBFF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold

==== Chrome Fix ======================

C:\Users\Wiktor\AppData\Local\Chromium\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully
C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully
C:\Users\Wiktor\AppData\Local\Chromium\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold deleted successfully
C:\Users\GOEBFF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcpafmlgkfgeafefjldjbjofhgliold deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0509&m=aspire_7730g"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.searchguru.info/?pid=1387&r=2013/12/10&hid=3205378870443118577&lg=EN&cc=PL&unqvl=43"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0509&m=aspire_7730g"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{3E0D4DF8-CDC1-4D0A-89CC-8B30CFDF3DBD} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_pl"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94A1251A-68BA-B609-F270-D95B24106E94} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FA5448B8-C99D-AAB5-A1C3-2D3F2A32FAE4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bmbpbcpokffodhpcdjaoopolhdlbconi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nhogbcndagiknbfomjgdeghehkljalhi deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news) deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update) deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gosc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gosc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wiktor\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GOEBFF~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GOEBFF~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wiktor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Gosc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Wiktor\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2804 folders=526 146462408 bytes)

==== Empty Temp Folders ======================

C:\Users\Gosc\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\Wiktor\AppData\Local\Temp will be emptied at reboot
C:\Users\GOEBFF~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Wiktor\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Wiktor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 2014-06-07 at 19:18:47,91 ======================

OTL

Spoiler:

��OTL logfile created on: 2014-06-07 19:28:04 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wiktor\Desktop

Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd



2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,04% Memory free

7,39 Gb Paging File | 7,01 Gb Available in Paging File | 94,87% Paging File free

Paging file location(s): c:\pagefile.sys 4599 4624 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 142,54 Gb Total Space | 40,67 Gb Free Space | 28,53% Space Free | Partition Type: NTFS

Drive D: | 142,54 Gb Total Space | 20,15 Gb Free Space | 14,14% Space Free | Partition Type: NTFS

Drive H: | 953,69 Mb Total Space | 567,28 Mb Free Space | 59,48% Space Free | Partition Type: FAT



Computer Name: WIKTOR-PC | User Name: Wiktor | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days



========== Processes (SafeList) ==========



PRC - [2014-06-07 19:22:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wiktor\Desktop\OTL-1.exe

PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008-01-21 04:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe





========== Modules (No Company Name) ==========



MOD - [2012-06-18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll

MOD - [2010-02-24 10:18:12 | 000,065,536 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\mp3wrtr.dll

MOD - [2010-02-24 10:18:11 | 000,086,016 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\aviwrtr.dll

MOD - [2010-02-24 10:18:11 | 000,081,920 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\aacwrtr.dll

MOD - [2010-02-24 10:18:11 | 000,065,536 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\flvwrtr.dll

MOD - [2010-02-24 10:18:11 | 000,049,152 | ---- | M] () -- c:\Program Files\Real\RealPlayer\converter\Plugins\avifformat.dll

MOD - [2009-01-30 15:26:06 | 000,160,768 | ---- | M] () -- C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll





========== Services (SafeList) ==========



SRV - [2014-05-29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2014-05-13 14:29:22 | 001,682,768 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2014-04-16 17:16:40 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2014-04-15 16:07:50 | 000,375,056 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013-04-08 19:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Stopped] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)

SRV - [2013-04-08 19:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Stopped] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)

SRV - [2013-02-04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2013-01-31 13:21:23 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011-01-24 14:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)

SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009-05-13 11:05:41 | 003,471,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)

SRV - [2008-07-20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008-03-21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)

SRV - [2008-03-18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008-03-05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008-01-16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)





========== Driver Services (SafeList) ==========



DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DKbFltr.sys -- (DKbFltr)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aghepdys)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adusbser.sys -- (adusbser)

DRV - [2014-04-16 17:16:47 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2014-04-16 17:16:47 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2014-04-16 17:16:47 | 000,180,760 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2014-04-16 17:16:47 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2014-04-16 17:16:47 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2014-04-16 17:16:47 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2014-04-16 17:16:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013-12-23 06:01:30 | 000,014,528 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)

DRV - [2013-01-31 13:21:23 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012-08-20 16:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)

DRV - [2012-08-20 16:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)

DRV - [2012-07-03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2011-04-26 09:20:00 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2011-03-02 13:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)

DRV - [2011-01-26 19:28:20 | 000,024,680 | ---- | M] (CaptainFlint Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)

DRV - [2011-01-20 11:18:49 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011-01-17 10:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2011-01-17 09:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)

DRV - [2011-01-12 11:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)

DRV - [2010-07-08 09:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP)

DRV - [2010-07-08 09:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis)

DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2009-05-13 11:05:38 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)

DRV - [2009-03-19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009-02-09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009-02-09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009-02-09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009-02-09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)

DRV - [2008-07-10 15:43:32 | 000,015,872 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)

DRV - [2008-05-09 12:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2008-04-28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)

DRV - [2008-04-21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008-04-17 15:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008-02-29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008-01-16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)

DRV - [2007-03-28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)

DRV - [2007-02-08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)

DRV - [2007-01-26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2006-08-29 00:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gan_adapter.sys -- (hamachi_oem)

DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC





IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0







IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com?searchso [Binary data over 200 bytes]

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\URLSearchHook: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - No CLSID value found

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes\{3E0D4DF8-CDC1-4D0A-89CC-8B30CFDF3DBD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_pl

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-993344782-977236109-1894507152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========



FF - prefs.js..extensions.enabledAddons: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.8.0.8

FF - prefs.js..extensions.enabledAddons: {32b29df0-2237-4370-9a29-37cebb730e9b}:3.9.0.3

FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.10.0.1

FF - user.js - File not found



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files\GameSpy\Comrade\npcomrade.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wiktor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wiktor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Wiktor\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-11 19:47:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-02-24 10:19:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-16 17:16:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaWatchV1home846.net: C:\Program Files\MediaWatchV1\MediaWatchV1home846\ff [2014-03-23 12:03:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Firefox\plugins



[2009-07-16 12:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Extensions

[2014-06-07 19:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Firefox\Profiles\xprqsvtf.default\extensions

[2010-04-28 00:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2014-06-07 19:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiktor\AppData\Roaming\mozilla\Firefox\Profiles\xprqsvtf.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}-trash

[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Wiktor\AppData\Roaming\mozilla\firefox\profiles\xprqsvtf.default\searchplugins\startsear.xml

[2014-03-23 12:03:02 | 000,000,000 | ---D | M] (Media Watch) -- C:\PROGRAM FILES\MEDIAWATCHV1\MEDIAWATCHV1HOME846\FF

File not found (No name found) -- C:\USERS\WIKTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XPRQSVTF.DEFAULT\EXTENSIONS\{32B29DF0-2237-4370-9A29-37CEBB730E9B}

File not found (No name found) -- C:\USERS\WIKTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XPRQSVTF.DEFAULT\EXTENSIONS\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}

File not found (No name found) -- C:\USERS\WIKTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XPRQSVTF.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}



========== Chrome ==========



CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Error reading preferences file

CHR - Extension: Media Watch = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj\1.1_0\

CHR - Extension: Media Watch = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidphapafeokcphbgnlebckpcpebcfnj\1.1_1\

CHR - Extension: No name found = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eplekpmdodlgejgogbojajncdlapamff\3.0.7_0\

CHR - Extension: No name found = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\

CHR - Extension: No name found = C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\



O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - No CLSID value found.

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.

O3 - HKU\S-1-5-21-993344782-977236109-1894507152-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [BANDICAM] C:\Program Files\Bandicam\bdcam.exe (www.Bandisoft.com)

O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [EADM] D:\Origin\Origin.exe (Electronic Arts)

O4 - HKU\S-1-5-21-993344782-977236109-1894507152-1000..\Run: [uTorrent] C:\Users\Wiktor\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found

O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 - %SystemRoot%\System32\mswsock.dll File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96EA29A9-DD3D-463B-BC96-0F14063CE428}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)

O24 - Desktop WallPaper: C:\Users\Wiktor\Desktop\Szopen\Background5 Czerwone iskry.jpg

O24 - Desktop BackupWallPaper: C:\Users\Wiktor\Desktop\Szopen\Background5 Czerwone iskry.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2014-02-25 17:36:41 | 000,000,000 | ---D | M] - D:\AutoSavy Minecraft -- [ NTFS ]

O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\AutoRun\command - "" = F:\kratakje\\\tospoj.exe

O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\explore\command - "" = F:\kratakje\\\tospoj.exe

O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\Install\command - "" = F:\kratakje\\\tospoj.exe

O33 - MountPoints2\{00d28337-f7c8-11df-830b-00304f26f139}\Shell\open\command - "" = F:\kratakje\\\tospoj.exe

O33 - MountPoints2\{064346f5-7f86-11e3-b791-00304f26f139}\Shell - "" = AutoRun

O33 - MountPoints2\{064346f5-7f86-11e3-b791-00304f26f139}\Shell\AutoRun\command - "" = H:\Startme.exe

O33 - MountPoints2\{4b9accb7-64c0-11de-8eb6-00238b92ab2f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{5ea1b87d-78e8-11de-a268-00238b92ab2f}\Shell - "" = AutoRun

O33 - MountPoints2\{5ea1b87d-78e8-11de-a268-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{5ea1b87f-78e8-11de-a268-00238b92ab2f}\Shell - "" = AutoRun

O33 - MountPoints2\{5ea1b87f-78e8-11de-a268-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6fda0082-751e-11de-a8d3-00238b92ab2f}\Shell - "" = AutoRun

O33 - MountPoints2\{6fda0082-751e-11de-a8d3-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6fda00aa-751e-11de-a8d3-00238b92ab2f}\Shell - "" = AutoRun

O33 - MountPoints2\{6fda00aa-751e-11de-a8d3-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{8db1301c-d39c-11de-95af-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{8db1301c-d39c-11de-95af-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{a7b94954-8af5-11de-9acf-00238b92ab2f}\Shell - "" = AutoRun

O33 - MountPoints2\{a7b94954-8af5-11de-9acf-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b40084e2-7f30-11de-9698-00238b92ab2f}\Shell - "" = AutoRun

O33 - MountPoints2\{b40084e2-7f30-11de-9698-00238b92ab2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{d572e418-3ed8-11de-ac50-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d572e418-3ed8-11de-ac50-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cda_menu.exe

O33 - MountPoints2\{e8ad7edc-6fd5-11e0-b1bf-00304f26f139}\Shell - "" = AutoRun

O33 - MountPoints2\{e8ad7edc-6fd5-11e0-b1bf-00304f26f139}\Shell\AutoRun\command - "" = F:\CD2.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)



========== Files/Folders - Created Within 7 Days ==========



[2014-06-07 19:24:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wiktor\Desktop\OTL-1.exe

[2014-06-07 19:19:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014-06-07 19:10:48 | 000,000,000 | ---D | C] -- C:\Windows\Temp

[2014-06-07 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Wiktor\AppData\Local\Temp

[2014-06-07 14:51:22 | 000,000,000 | ---D | C] -- C:\zoek_backup

[2014-06-07 06:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft

[2014-06-03 19:23:11 | 000,000,000 | ---D | C] -- C:\Users\Wiktor\Desktop\!BandiCam CaB
o[



[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files - Modified Within 7 Days ==========



[2014-06-07 19:24:01 | 000,713,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2014-06-07 19:24:01 | 000,633,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014-06-07 19:24:01 | 000,151,144 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2014-06-07 19:24:01 | 000,119,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014-06-07 19:23:56 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn

[2014-06-07 19:22:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wiktor\Desktop\OTL-1.exe

[2014-06-07 19:17:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014-06-07 19:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2014-06-07 19:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2014-06-07 18:45:52 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe

[2014-06-07 17:20:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2014-06-07 14:21:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2014-06-07 06:11:03 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job

[2014-06-06 21:53:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014-06-06 20:11:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000UA.job

[2014-06-06 19:59:04 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job

[2014-06-06 15:35:49 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014-06-05 20:48:22 | 000,065,667 | ---- | M] () -- C:\Users\Wiktor\Desktop\gks_katowice_dopuki_walczysz.jpg

[2014-06-04 20:18:34 | 000,017,541 | ---- | M] () -- C:\Users\Wiktor\Desktop\ada podobasz xd.jpg

[2014-06-03 19:22:57 | 000,136,192 | ---- | M] () -- C:\Users\Wiktor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014-06-03 14:11:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-993344782-977236109-1894507152-1000Core.job

[2014-06-02 18:41:18 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files Created - No Company Name ==========



[2014-06-07 19:10:49 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe

[2014-06-05 20:48:22 | 000,065,667 | ---- | C] () -- C:\Users\Wiktor\Desktop\gks_katowice_dopuki_walczysz.jpg

[2014-06-04 20:18:34 | 000,017,541 | ---- | C] () -- C:\Users\Wiktor\Desktop\ada podobasz xd.jpg

[2014-06-02 18:41:18 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn

[2014-06-02 18:41:18 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for

[2014-04-27 12:43:51 | 000,000,132 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\Preferencje Adobe CS5 dla formatu BMP

[2014-03-23 12:03:50 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2014-03-17 18:12:57 | 000,008,484 | ---- | C] () -- C:\Users\Wiktor\AppData\Local\d3d9caps.dat

[2014-01-07 16:09:20 | 000,082,072 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe

[2014-01-06 16:10:22 | 000,000,302 | ---- | C] () -- C:\Windows\Fakturka.ini

[2013-12-19 17:33:15 | 000,000,132 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG

[2013-12-19 10:21:04 | 000,000,142 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\WB.CFG

[2013-09-14 12:26:43 | 000,002,698 | ---- | C] () -- C:\Users\Wiktor\.recently-used.xbel

[2013-09-14 11:38:32 | 000,000,250 | ---- | C] () -- C:\Windows\thug2.ini

[2013-07-04 14:53:16 | 000,000,258 | ---- | C] () -- C:\Windows\thug.ini

[2013-07-01 18:40:05 | 000,000,706 | ---- | C] () -- C:\Windows\Thps3.INI

[2013-04-23 15:21:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll

[2013-04-18 20:58:39 | 000,836,608 | ---- | C] () -- C:\Program Files\The Pivot Animation.exe

[2013-03-19 13:21:35 | 000,180,760 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013-03-19 13:21:34 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2012-12-02 16:47:52 | 002,872,000 | ---- | C] () -- C:\Windows\System32\pwNative.exe

[2012-12-02 16:47:51 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys

[2012-12-02 16:46:57 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys

[2012-10-28 18:07:49 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat

[2012-03-16 23:30:37 | 000,016,384 | -H-- | C] () -- C:\Users\Wiktor\photothumb.db

[2011-09-10 19:26:35 | 000,138,056 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\PnkBstrK.sys

[2011-05-25 20:05:11 | 005,844,955 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\BabysMod.zip

[2011-03-26 16:21:59 | 005,168,286 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\World1.zip

[2011-03-17 19:40:57 | 000,805,085 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\MrMModsv1_8_1.zip

[2010-06-16 21:07:01 | 000,000,552 | ---- | C] () -- C:\Users\Wiktor\AppData\Local\d3d8caps.dat

[2010-04-04 21:06:20 | 000,033,819 | ---- | C] () -- C:\Users\Wiktor\focia.jpeg

[2010-02-23 20:34:20 | 000,065,288 | ---- | C] () -- C:\Users\Wiktor\124882959213.gif

[2010-02-22 15:44:07 | 000,165,686 | ---- | C] () -- C:\Users\Wiktor\serwer.jpg

[2010-02-22 09:06:26 | 000,022,706 | ---- | C] () -- C:\Users\Wiktor\0ff67e799f.jpeg

[2009-08-17 15:55:24 | 000,022,432 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\UserTile.png

[2009-07-15 07:34:27 | 000,000,000 | ---- | C] () -- C:\Users\Wiktor\AppData\Roaming\wklnhst.dat

[2009-07-09 10:36:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009-06-03 15:14:43 | 000,136,192 | ---- | C] () -- C:\Users\Wiktor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini



========== ZeroAccess Check ==========



[2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini



[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]



[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both



========== Alternate Data Streams ==========



@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:C31F31E6

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:671329E4

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9F683177

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:131C0EE9

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8

@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:580E04D8



< End of report >

Dodano 07.06.2014 19:39:18:
Tylko nie ma polskich znaków. Taki urok smartphone jeśli potrzeba będzie tych polskich znaków to pobiore jakiś inny edytor tekstu na fona.Skany są z laptopa

[NieWiem]

Przepraszam za brak obecności, ale praca przez ostatnie kilka dni mnie pochłonęła.

Jeśli potrzebujesz dalej pomocy, daj znać i będziemy robić dalej.