Pozytywna

How to remove Topic torch

10 posts in this topic

I have no idea whether it came out right. I ran it several times. The link said that "OTL.txt and Extras.txt" should come out, and that is what came out at first, but I did not have the options checked the way they were shown there, so I deleted it. Then I did it the way it was shown there and it no longer popped up. Honestly, I have no idea what is going on, and when I did it the same way as at the beginning, Extras no longer shows up. I have no idea now whether I should check "LOP infection" and "Purity" as well as "all users". What should I do so that it comes out together with Extras?

 

I ran OTL, but I have no idea whether I did it correctly, because Extras did not come out either.

I checked only "all users" and did not change anything else. Is that right?

[log]

OTL logfile created on: 2014-02-22 20:00:38 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 26,49% Memory free
4,00 Gb Paging File | 1,88 Gb Available in Paging File | 47,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,60 Gb Total Space | 55,14 Gb Free Space | 48,97% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 581,29 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
 
Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-02-22 19:54:35 | 000,111,392 | ---- | M] () -- C:\Program Files\FindRight\bin\utilFindRight.exe
PRC - [2014-02-22 19:08:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2014-02-21 15:37:29 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014-02-21 05:27:17 | 001,727,264 | ---- | M] () -- C:\Program Files\FindRight\FindRight.FirstRun.exe
PRC - [2014-02-21 05:26:24 | 000,111,392 | ---- | M] () -- C:\Program Files\FindRight\updateFindRight.exe
PRC - [2014-02-15 20:30:31 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014-01-24 17:47:58 | 005,297,432 | ---- | M] (Piriform Ltd) -- C:\Program Files\Speccy\Speccy.exe
PRC - [2014-01-16 01:40:24 | 000,277,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
PRC - [2013-12-18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-11-01 11:50:00 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013-11-01 11:34:26 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-08-02 01:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013-06-06 22:59:45 | 001,925,656 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
PRC - [2013-06-05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2013-01-18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013-01-18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-09-20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012-01-04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012-01-04 21:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-02-21 15:37:29 | 016,265,096 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014-02-21 05:27:17 | 001,727,264 | ---- | M] () -- C:\Program Files\FindRight\FindRight.FirstRun.exe
MOD - [2014-02-15 20:30:30 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014-02-14 10:20:04 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\360603d8efa82557e7fce70287cb242e\WindowsFormsIntegration.ni.dll
MOD - [2014-02-14 10:19:36 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
MOD - [2014-02-14 10:18:21 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5bce8f20c40a761f9d863216fef8f3ce\UIAutomationProvider.ni.dll
MOD - [2014-02-14 10:18:19 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll
MOD - [2014-02-14 10:18:19 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.Wrapper.dll
MOD - [2014-02-14 10:18:18 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
MOD - [2014-02-14 10:18:17 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
MOD - [2014-02-14 10:18:14 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
MOD - [2014-02-14 10:17:59 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\13c50e7f6e6117b893e062d05602a404\Accessibility.ni.dll
MOD - [2014-02-14 10:08:52 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014-02-14 01:18:02 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\880358291baf3043e07b2a7c2f401c85\PresentationFramework.ni.dll
MOD - [2014-02-14 01:17:58 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2c4f9ef6baacb578ab136a5b30ada098\System.Data.ni.dll
MOD - [2014-02-14 01:17:54 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014-02-14 01:17:47 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4bfb0decf7cfe076020f64ee6dd007cc\PresentationFramework.Aero.ni.dll
MOD - [2014-02-14 01:17:44 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\db591e35967527b7b864124303dea13a\PresentationCore.ni.dll
MOD - [2014-02-14 01:17:44 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014-02-14 01:17:41 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014-02-14 01:17:40 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll
MOD - [2014-02-14 01:17:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dc74ab189aa9b156581a7228866d3330\WindowsBase.ni.dll
MOD - [2014-02-14 01:17:34 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014-02-14 01:17:33 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014-02-14 01:17:28 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2014-02-14 01:12:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014-02-14 01:12:04 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014-02-14 01:11:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014-02-14 01:11:39 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014-02-14 01:11:38 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014-02-14 01:11:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014-01-24 16:45:08 | 000,069,632 | ---- | M] () -- C:\Program Files\Speccy\Lang\lang-1045.dll
MOD - [2013-11-01 11:34:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012-11-28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-11-28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-11-13 03:39:47 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014-02-22 19:54:35 | 000,111,392 | ---- | M] () [Auto | Running] -- C:\Program Files\FindRight\bin\utilFindRight.exe -- (Util FindRight)
SRV - [2014-02-21 15:37:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-02-21 05:26:24 | 000,111,392 | ---- | M] () [Auto | Running] -- C:\Program Files\FindRight\updateFindRight.exe -- (Update FindRight)
SRV - [2014-02-15 20:30:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-02-06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-01-16 01:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2013-12-18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-11-01 11:34:26 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-02-25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-01-04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010-11-26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-05-27 21:10:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-02-10 17:01:49 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\User\AppData\Local\Temp\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - [2014-02-16 15:46:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013-11-08 23:19:50 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2013-11-01 11:34:28 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-11-01 11:34:28 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-11-01 11:34:28 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-11-01 11:34:28 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-11-01 11:34:28 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-11-01 11:34:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-11-01 11:34:28 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013-08-30 08:48:11 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013-02-25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013-02-12 04:32:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-05-27 08:40:24 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/?a=6R8I2Afr6w&loc=skw&search={searchTerms}
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: %7B42e50651-9669-456e-9081-d5a836274274%7D:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-01 11:34:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-02-15 20:30:25 | 000,000,000 | ---D | M]
 
[2010-05-16 12:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010-05-16 12:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2014-02-22 18:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1e47x1p8.default\extensions
[2014-02-21 05:26:24 | 000,008,114 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1e47x1p8.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
[2013-10-21 14:16:23 | 000,002,115 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1e47x1p8.default\searchplugins\MyStart Search.xml
[2014-02-15 20:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-02-15 20:30:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013-12-18 19:42:36 | 000,187,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: McAfee Security Scan+ = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2010-01-27 17:12:50 | 000,377,845 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 13021 more lines...
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (FindRight) - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files\FindRight\FindRightBHO.dll (FindRight)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [GG] C:\Users\User\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP File not found
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{339041F1-8E78-4E39-9C68-5343B52BDD81}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B58DEB3E-671F-4C6B-ADFC-BE225E91377A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D391C7-DE9B-44A9-9466-5909B059AFCD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-02-22 18:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014-02-22 18:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014-02-22 18:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\FindRight
[2014-02-17 14:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014-02-17 14:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014-02-16 15:39:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2014-02-16 15:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014-02-16 15:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2014-02-16 15:39:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0401000.01C
[2014-02-15 20:56:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014-02-15 20:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-02-14 19:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 PrO
[2014-02-14 19:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Counter Strike 1.6 PrO
[2014-02-14 01:18:13 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-02-14 01:18:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-02-14 01:18:13 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-02-14 01:18:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-02-14 01:18:12 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-02-14 01:18:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-02-14 01:18:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-02-14 01:18:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-02-14 01:18:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-02-14 01:18:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-02-14 01:18:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-02-14 01:18:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014-02-14 01:18:11 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-02-14 01:18:11 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-02-14 01:18:09 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-02-14 01:18:07 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-02-13 14:44:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014-02-13 14:44:27 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014-02-13 14:44:27 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014-02-13 14:44:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014-02-13 14:44:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014-02-13 14:44:25 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014-02-13 14:44:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014-02-13 14:44:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014-02-13 14:44:25 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014-02-13 14:44:24 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014-02-13 14:44:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014-02-13 14:44:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014-02-06 21:52:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Blender Foundation
[2014-02-06 21:35:44 | 000,000,000 | ---D | C] -- C:\Users\User\.thumbnails
[2014-02-06 21:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2014-02-06 21:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
 
========== Files - Modified Within 30 Days ==========
 
[2014-02-22 19:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-02-22 19:53:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189539843-2385702206-1642891728-1000UA.job
[2014-02-22 19:53:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189539843-2385702206-1642891728-1000Core.job
[2014-02-22 19:37:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-02-22 19:01:16 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014-02-22 18:58:00 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-02-22 18:58:00 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-02-22 17:44:04 | 000,286,254 | ---- | M] () -- C:\Users\User\Desktop\1j7WX1F.png
[2014-02-22 17:19:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2014-02-22 17:02:09 | 000,697,896 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-02-22 17:02:09 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-02-22 17:02:09 | 000,135,006 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-02-22 17:02:09 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-02-22 16:56:49 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for User.job
[2014-02-22 15:54:01 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-02-22 10:36:40 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-02-22 10:36:40 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014-02-22 10:36:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-02-22 10:36:26 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-21 18:58:58 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\google chrome.lnk
[2014-02-21 15:37:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-02-21 15:37:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-02-17 14:49:47 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014-02-17 14:49:47 | 000,002,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014-02-16 15:39:53 | 000,001,415 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK
[2014-02-14 19:31:04 | 000,001,956 | ---- | M] () -- C:\Users\User\Desktop\Counter Strike 1.6 PrO.lnk
[2014-02-06 21:35:27 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2014-02-06 11:20:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-02-06 11:19:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-02-06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-02-06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-02-06 10:52:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-02-06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-02-06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-02-06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-02-06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-02-06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-02-06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-02-06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-02-06 10:25:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-02-06 10:13:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-02-06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-02-06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014-01-31 11:37:27 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0401000.01C\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2014-02-22 17:44:03 | 000,286,254 | ---- | C] () -- C:\Users\User\Desktop\1j7WX1F.png
[2014-02-17 14:49:47 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014-02-16 15:39:49 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0401000.01C\isolate.ini
[2014-02-14 19:31:04 | 000,001,956 | ---- | C] () -- C:\Users\User\Desktop\Counter Strike 1.6 PrO.lnk
[2014-02-06 21:35:27 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2013-06-07 17:08:53 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-06-07 17:08:51 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012-10-13 15:55:16 | 001,432,368 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012-10-04 16:17:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-01-28 19:36:00 | 000,010,240 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

[/log]
 

Edited by Natsuki Kuga


The log was made correctly, but this is already the fifth run - when did you make the first log?

 

Extras will be created if you set the [b]Rejestr dodatkowy[/b] (Extra Registry) field to filtering.


I made the first log a dozen or so minutes before this one. I made several because I didn't know what it was about; it was my first time making a log, sorry.

So is it enough to go into about:config and modify some things? I see that babylon has turned bold there again. Can all of these things be removed somehow?

 

While I was at it, I found the Extras from when I was making the logs; maybe it will be useful too:

 

[spoiler]OTL Extras logfile created on: 2014-02-22 19:09:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 38,94% Memory free
4,00 Gb Paging File | 2,12 Gb Available in Paging File | 52,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,60 Gb Total Space | 55,25 Gb Free Space | 49,07% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 581,29 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
 
Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020CE47A-DE02-488C-92EC-84599F1E71B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03B7D3C0-EBB6-4DF0-A877-51186D15EFDE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{09F4FD93-EA80-4E03-96F7-8E1D5CFD92D7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{16756C89-9E7F-42C9-8027-842D9E7C74EA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{1B406A21-8478-42F2-800B-5ADB84B8F803}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B8A869A-4FE8-4EF3-A51B-224AAB891B72}" = rport=10243 | protocol=6 | dir=out | app=system |
"{269D0029-E7D6-4AC0-9C3B-33BD1920E660}" = rport=138 | protocol=17 | dir=out | app=system |
"{45469BF2-D88E-4AD7-8FC1-3A6FCDDE28DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{495C4C08-261A-4F0B-B4E3-62BDCA04C3FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C23FA2E-857E-4762-B616-1098B41BB93E}" = lport=137 | protocol=17 | dir=in | app=system |
"{675599A5-3C9F-469D-A9CD-3B5AF3FCFF46}" = rport=139 | protocol=6 | dir=out | app=system |
"{70BF19FB-DAB6-471C-A870-FF91F3CF5C0B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7410F4D1-9D8B-4652-99CE-CA1ABF0E0037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8EF52F3B-4F92-4BF7-AE12-D3BFB7C8EEE7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A099D6BB-B1C5-4845-93DB-378ACBF6F96A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A73BDEF9-337F-4CC9-8AF5-9C48DF6E73D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1824A8F-4CF9-4472-A4A7-6AA6CE4EF922}" = lport=49233 | protocol=6 | dir=in | name=akamai netsession interface |
"{CF096AD0-5F21-4051-9934-580777F2CCB2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D78F1B21-C315-4F3A-B450-6B10C25523CD}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBE7A88A-3BCA-4609-8481-8BC64961DC00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E34700A5-3177-4EC0-9F7C-9C03E06667E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F08D8D10-971D-447F-9D2C-4909A4DD88B6}" = rport=445 | protocol=6 | dir=out | app=system |
"{FFF10DAD-E0A5-407D-B5D8-5497D22B86AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0047F897-10E2-4072-A651-88F958419141}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0487CBD6-1849-49A2-A952-E46AB6E81063}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_pl\data\x2.exe |
"{12B00AA3-82DE-4D9B-A963-4F3931E5CD72}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{168566D2-4C9A-4D8F-9387-189AF7713EBE}" = protocol=6 | dir=out | app=system |
"{24E09467-0B00-4EB0-8CC8-8EF94729664D}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\2yourface\updater.exe |
"{2BE47C45-B145-4B52-B388-640E6FD59530}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30AEDB60-346D-4CCB-A77E-4FF462EBD5EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{392ECB8C-82F5-4E6F-91F2-2163DD70AC85}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3B50C536-4719-4BEC-B56B-CF89C2A32D3B}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_pl\data\x2.exe |
"{4293902D-5750-464A-AC48-5D8D5B30B77B}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{43C17C23-4076-4373-8806-205F7CDBC051}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{44C4E5B0-741B-4DD4-AB77-DC615BB4DEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46E65A17-648B-4E05-9FA0-A6E75120C1B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{48F19F24-9E0B-4D5D-A140-4B1D5AF72738}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5165A3FC-0C1F-49DC-B720-4836D52DE6D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5448F59F-94AB-4E8D-BCC0-B0F333850AAB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5A7861F5-EEB9-4954-8513-BFED55717284}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5E1C1E41-85A5-4AEC-B431-C6AEB36BD463}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{61F4E4AF-6A3C-48A3-B9E2-492CC754F3AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{649A6EEF-38E5-4B85-9D2F-24E3BD3BC4B0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{696FB834-4609-4AB6-A19E-B1069828F7C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BD77D5C-A8C0-4551-A150-52AAAB6A770C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{845AEA28-5FE4-4FA9-BFE0-766EFAE2D7F7}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{92B95C65-5D69-4325-86D6-E67AA65E1FFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{92E1732A-EC85-40AC-8788-0CDDFA651531}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A889FBD-12AB-4C96-B0C3-6E7F17E92EE9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9E868D7B-CF7C-4B2D-B526-9346C0D4BC22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FE8DC23-AED4-43DB-B070-D3F23CBAA01C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A8A62CCF-57FD-4BA9-8194-EB4FCE819131}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AAB691E3-22EB-4EB2-A60C-C490CB37F4E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AE8A5009-017E-45F7-8E70-94E694AEF883}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BEF2CFCE-BA4B-40B1-B948-9B0A3E89DD62}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C0DC835C-FFE2-4467-8450-8E6E1101DBD6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C23BBC20-BEEA-480E-8537-380A6A88AF08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C9C4F1D2-FB30-46B4-BAA8-A0114D11CA8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0F28989-D29A-4932-879F-353B3BED5DB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D298CE94-6854-4661-9738-0894349EEFAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2242C3E-1A8B-4542-8E50-3C6E4F265D79}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EF481A7F-7511-46C3-B79D-C6A30DF95295}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{F789921D-87AA-4491-974B-76D9F98055BD}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\2yourface\updater.exe |
"TCP Query User{2B7E9D65-C649-4488-B16B-E4B7CCD5D87C}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{3DB7E279-6F30-4894-8348-9043E9B383A6}C:\program files\counter strike 1.6 pro\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter strike 1.6 pro\hl.exe |
"TCP Query User{43937023-05F2-4287-B0AB-1E9635AB7642}C:\users\user\downloads\emule0.50a-xtreme8.1(dobreprogramy.pl)\emule.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\emule0.50a-xtreme8.1(dobreprogramy.pl)\emule.exe |
"TCP Query User{62F3BC4B-5607-400C-BE4E-981E66400823}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{73FF0B1B-D60A-4C0C-B16A-93435755774D}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{76619852-5C80-4C81-ADD3-B999744ECB4F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AC77F6E1-D119-40D8-BE7C-83EF905FDA8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CC311516-5952-499F-8653-0027423B0766}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D00E49BB-A456-41E5-A92D-F52DCF3EA343}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E4E0459D-9891-4904-8BBE-E369C1908283}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{1222FA7D-3C89-4986-B48A-C2A30629C600}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{225BDCD0-1719-487E-945C-6F6A102D6A6C}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{23B4EAC5-10BB-431F-808E-106A3E701643}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{366A50AB-C815-4BF8-BD8A-5CF98891E988}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{461F4D3D-2621-4344-B1D7-0B5AEAE777AE}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{576530E3-3099-4AF4-B13D-AD1A37CD1ECC}C:\users\user\downloads\emule0.50a-xtreme8.1(dobreprogramy.pl)\emule.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\emule0.50a-xtreme8.1(dobreprogramy.pl)\emule.exe |
"UDP Query User{891EB291-F880-41E4-8710-FC7545DEE34E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B870EB9F-DF94-4EB4-863F-F2927975B5E2}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{CFB37E16-41E6-44E5-AAF9-F7178E646538}C:\program files\counter strike 1.6 pro\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter strike 1.6 pro\hl.exe |
"UDP Query User{D2D1F67F-F159-473F-A129-F88863C7904C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1701765B-6D93-43C6-A835-DD423517581F}" = OpenOffice.org 3.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{567C9882-843D-4188-A181-00E2CC3E1045}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BF8787-A67D-4CBC-9155-22927199F4BB}" = TP-LINK Wireless Client Utility
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F45F0D-A70C-4EDF-A077-CE5395CDFA0A}" = Aeria Ignite
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Polish
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Obsługa programów Apple
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EB71C244-E324-4F40-9998-A7FA59D3D103}" = Mój MousePainter
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.3.1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.13.3296" = Aeria Ignite
"avast" = avast! Free Antivirus
"Blender" = Blender
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Counter Strike 1.6 PrO 2013" = Counter Strike 1.6 PrO
"Elsword_PL_is1" = Elsword_PL
"FindRight" = FindRight
"Free Media Converter_is1" = Free Media Converter 2.9
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"League of Legends 3.0.1" = League of Legends
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 27.0.1 (x86 pl)" = Mozilla Firefox 27.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PaintToolSAI" = PaintTool SAI Ver.1
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Rejestracja użytkownika drukarki Canon MP270 series" = Rejestracja użytkownika drukarki Canon MP270 series
"Revo Uninstaller" = Revo Uninstaller 1.95
"Shaiya-PL" = Shaiya-PL
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"ZTE Remote NDIS_is1" = ZTE Remote NDIS Device
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GG" = GG
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 2012-10-02 10:20:37 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-03 05:27:56 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-04 04:26:08 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-05 04:22:25 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-06 05:49:11 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-07 05:19:37 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-08 07:31:44 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-09 09:14:48 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-10 04:32:14 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
Error - 2012-10-11 10:03:27 | Computer Name = User-Komputer | Source = avast! | ID = 33554522
Description =
 
[ Application Events ]
Error - 2012-07-23 12:36:31 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 9000
Description =
 
Error - 2012-07-23 12:36:31 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 7040
Description =
 
Error - 2012-07-23 12:36:31 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 7042
Description =
 
Error - 2012-07-23 12:36:31 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 9002
Description =
 
Error - 2012-07-23 12:36:31 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 3029
Description =
 
Error - 2012-07-23 12:36:32 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 3029
Description =
 
Error - 2012-07-23 12:36:32 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 3028
Description =
 
Error - 2012-07-23 12:36:32 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 3058
Description =
 
Error - 2012-07-23 12:36:32 | Computer Name = User-Komputer | Source = Windows Search Service | ID = 7010
Description =
 
Error - 2012-07-23 12:36:32 | Computer Name = User-Komputer | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 2014-02-18 09:00:46 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa nvUpdatusService nie może zalogować się jako .\UpdatusUser
za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:   %%1330    Aby
 upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
 programie Microsoft Management Console (MMC).
 
Error - 2014-02-18 09:00:46 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi NVIDIA Update Service Daemon z powodu następującego
 błędu:   %%1069
 
Error - 2014-02-19 08:13:34 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa nvUpdatusService nie może zalogować się jako .\UpdatusUser
za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:   %%1330    Aby
 upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
 programie Microsoft Management Console (MMC).
 
Error - 2014-02-19 08:13:34 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi NVIDIA Update Service Daemon z powodu następującego
 błędu:   %%1069
 
Error - 2014-02-20 10:27:49 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa nvUpdatusService nie może zalogować się jako .\UpdatusUser
za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:   %%1330    Aby
 upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
 programie Microsoft Management Console (MMC).
 
Error - 2014-02-20 10:27:49 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi NVIDIA Update Service Daemon z powodu następującego
 błędu:   %%1069
 
Error - 2014-02-21 08:45:07 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa nvUpdatusService nie może zalogować się jako .\UpdatusUser
za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:   %%1330    Aby
 upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
 programie Microsoft Management Console (MMC).
 
Error - 2014-02-21 08:45:07 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi NVIDIA Update Service Daemon z powodu następującego
 błędu:   %%1069
 
Error - 2014-02-22 05:38:52 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa nvUpdatusService nie może zalogować się jako .\UpdatusUser
za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:   %%1330    Aby
 upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
 programie Microsoft Management Console (MMC).
 
Error - 2014-02-22 05:38:52 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi NVIDIA Update Service Daemon z powodu następującego
 błędu:   %%1069
 
 
< End of report >[/spoiler]

Edited by Pozytywna


So is it enough to go into about:config and modify some things?

In principle you can, but with two caveats:

- You need to know what you are doing, because if you modify the wrong values the browser may end up running unstably
- Removed entries can come back if the infection is active

Is there some way to remove all of these things?

Sure, the instructions are below:

1. Uninstall via Add/Remove Programs: Java™ 6 Update 20, Java Auto Updater, McAfee Security Scan Plus, Norton Security Scan (these scanners are completely unnecessary; you already have avast and it is enough)

2. Check in your browsers whether you have the add-ons listed here, and if they are present, uninstall them: IB Updater, Babylon, MyStart Search, McAfee Security Scanner, AVG Secure Search

3. Run this script in OTL (instructions: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ):


:OTL
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...h={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
[2013-10-21 14:16:23 | 000,002,115 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1e47x1p8.default\searchplugins\MyStart Search.xml
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - Extension: McAfee Security Scan+ = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (FindRight) - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files\FindRight\FindRightBHO.dll (FindRight)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart File not found
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP File not found
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

:Files
C:\Program Files\FindRight
C:\Program Files\McAfee Security Scan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
C:\Program Files\Norton Security Scan
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\Users\Public\Desktop\Norton Security Scan.LNK
C:\Windows\tasks\Norton Security Scan for User.job
C:\Program Files\Babylon
C:\Program Files\AVG Secure Search

:Services
Util FindRight
Update FindRight
McComponentHostService

:Commands
[resethosts]

5. Use AdwCleaner with the Delete (Usuń) option. Post the report.

6. Install Java 7 Update 51: http://download.oracle.com/otn-pub/java/jdk/7u51-b13/jre-7u51-windows-i586.exe

7. Post new logs from OTL plus a log from Gmer.


Hello again.

I carried out the instructions.

1. I removed the programs you recommended, but I did not have anything like "Java Auto Updater".

2. I had nothing among the add-ons; I had them some time ago and removed them, namely MyStart, AVG etc.

3.

[spoiler]OTL logfile created on: 2014-03-09 15:52:29 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,63% Memory free
4,00 Gb Paging File | 2,43 Gb Available in Paging File | 60,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,60 Gb Total Space | 54,59 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 581,29 Gb Free Space | 99,21% Space Free | Partition Type: NTFS

Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-03-09 15:50:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL(2).exe
PRC - [2014-03-09 15:28:22 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-03-09 15:28:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-02-21 15:37:29 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014-02-15 20:30:31 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-12-18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-06-06 22:59:45 | 001,925,656 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
PRC - [2013-06-05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2013-01-18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013-01-18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-01-04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012-01-04 21:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe


========== Modules (No Company Name) ==========

MOD - [2014-02-27 23:10:26 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\4d5d17a21443c7ea06190ccce3cb4ce1\System.EnterpriseServices.ni.dll
MOD - [2014-02-27 23:10:26 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\4d5d17a21443c7ea06190ccce3cb4ce1\System.EnterpriseServices.Wrapper.dll
MOD - [2014-02-27 23:10:25 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014-02-27 23:10:24 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014-02-27 23:10:23 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014-02-27 23:10:21 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014-02-27 23:10:19 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014-02-27 23:10:14 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014-02-27 23:10:09 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014-02-27 23:10:07 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014-02-27 23:10:06 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014-02-27 23:10:02 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014-02-27 23:10:01 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014-02-27 23:09:58 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014-02-27 23:09:58 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014-02-27 23:09:54 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014-02-27 23:09:53 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014-02-27 23:09:47 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014-02-21 15:37:29 | 016,265,096 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014-02-15 20:30:30 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013-11-01 11:34:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012-11-28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-11-28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2014-03-09 15:28:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014-02-21 15:37:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-02-15 20:30:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-02-06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013-12-18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-02-25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-01-04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010-11-26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-05-27 21:10:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-02-10 17:01:49 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014-03-09 15:28:25 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014-03-09 15:28:25 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014-03-09 15:28:25 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014-03-09 15:28:25 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014-03-09 15:28:25 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2013-11-01 11:34:28 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-11-01 11:34:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-08-30 08:48:11 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013-02-25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013-02-12 04:32:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-05-27 08:40:24 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/?a=6R8I2Afr6w&loc=skw&search={searchTerms}
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09 15:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-02-15 20:30:25 | 000,000,000 | ---D | M]

[2010-05-16 12:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2014-02-22 22:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1e47x1p8.default\extensions
[2014-03-09 15:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014-02-15 20:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-02-15 20:30:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: McAfee Security Scan+ = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2010-01-27 17:12:50 | 000,377,845 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 13021 more lines...
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [GG] C:\Users\User\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{339041F1-8E78-4E39-9C68-5343B52BDD81}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B58DEB3E-671F-4C6B-ADFC-BE225E91377A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D391C7-DE9B-44A9-9466-5909B059AFCD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-03-09 15:28:27 | 000,064,168 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014-02-26 22:59:32 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014-02-22 18:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014-02-22 18:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014-02-15 20:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-02-14 19:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Counter Strike 1.6 PrO
[2014-02-14 01:18:13 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-02-14 01:18:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-02-14 01:18:13 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-02-14 01:18:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-02-14 01:18:12 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-02-14 01:18:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-02-14 01:18:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-02-14 01:18:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-02-14 01:18:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-02-14 01:18:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-02-14 01:18:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-02-14 01:18:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014-02-14 01:18:11 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-02-14 01:18:11 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-02-14 01:18:09 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-02-14 01:18:07 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-02-13 14:44:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014-02-13 14:44:27 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014-02-13 14:44:27 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014-02-13 14:44:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014-02-13 14:44:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014-02-13 14:44:25 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014-02-13 14:44:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014-02-13 14:44:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014-02-13 14:44:25 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014-02-13 14:44:24 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014-02-13 14:44:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014-02-13 14:44:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

========== Files - Modified Within 30 Days ==========

[2014-03-09 15:54:01 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-03-09 15:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-03-09 15:47:28 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-03-09 15:47:28 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-03-09 15:38:31 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-03-09 15:30:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-03-09 15:30:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014-03-09 15:30:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-03-09 15:30:16 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2014-03-09 15:28:50 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-03-09 15:28:25 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014-03-09 15:28:25 | 000,410,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014-03-09 15:28:25 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014-03-09 15:28:25 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014-03-09 15:28:25 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014-03-09 15:28:25 | 000,064,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014-03-09 15:28:25 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-03-09 13:53:07 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189539843-2385702206-1642891728-1000UA.job
[2014-03-08 19:53:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189539843-2385702206-1642891728-1000Core.job
[2014-03-08 19:19:43 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014-03-04 15:02:03 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\google chrome.lnk
[2014-02-27 23:11:33 | 000,740,438 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-02-27 23:11:33 | 000,654,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-02-27 23:11:33 | 000,156,012 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-02-27 23:11:33 | 000,122,142 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-02-22 22:38:38 | 000,000,638 | ---- | M] () -- C:\Users\User\Desktop\PaintTool SAI Ver.1.lnk
[2014-02-22 17:44:04 | 000,286,254 | ---- | M] () -- C:\Users\User\Desktop\1j7WX1F.png
[2014-02-22 17:19:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2014-02-21 15:37:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-02-21 15:37:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-02-17 14:49:16 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini

========== Files Created - No Company Name ==========

[2014-03-09 15:47:22 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014-02-22 22:38:38 | 000,000,638 | ---- | C] () -- C:\Users\User\Desktop\PaintTool SAI Ver.1.lnk
[2014-02-22 17:44:03 | 000,286,254 | ---- | C] () -- C:\Users\User\Desktop\1j7WX1F.png
[2013-06-07 17:08:53 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-06-07 17:08:51 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012-10-13 15:55:16 | 001,432,368 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012-10-04 16:17:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-01-28 19:36:00 | 000,010,240 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< :OTL >

< IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...h={searchTerms} >

< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox >

< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com >

< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox >

< [2013-10-21 14:16:23 | 000,002,115 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1e47x1p8.default\searchplugins\MyStart Search.xml >

< CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll >

< CHR - Extension: McAfee Security Scan+ = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\ >

< O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) >

< O2 - BHO: (FindRight) - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files\FindRight\FindRightBHO.dll (FindRight) >

< O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart File not found >

< O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [AdobeBridge] File not found >

< O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP File not found >

< O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1003..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found >

< O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found >
Invalid Switch: ActionTU.htm File not found

< O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found >
Invalid Switch: Action.htm File not found

< O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found >
Invalid Switch: ActionTU.htm File not found

< O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found >
Invalid Switch: ActionTU.htm File not found

< >

< :Files >

< C:\Program Files\FindRight >

< C:\Program Files\McAfee Security Scan >

< C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus >

< C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan >

< C:\Program Files\Norton Security Scan >

< C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job >
[2014-03-09 15:30:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

< C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job >
[2014-03-09 15:30:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

< C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk >

< C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk >

< C:\Users\Public\Desktop\Norton Security Scan.LNK >

< C:\Windows\tasks\Norton Security Scan for User.job >

< C:\Program Files\Babylon >

< C:\Program Files\AVG Secure Search >

< >

< :Services >

< Util FindRight >

< Update FindRight >

< McComponentHostService >

< >

< :Commands >

< [resethosts] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
[/spoiler]

 

4. Adwcleaner

I clicked Scan and created a log; I don't know whether I should remove everything that is selected?

[spoiler]# AdwCleaner v3.020 - Log utworzony 09/03/2014 o 16:07:10
# Aktualizacja 27/02/2014 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (32 bits)
# Użytkownik : User - USER-KOMPUTER
# Ścieżka : C:\Users\User\Downloads\adwcleaner.exe
# Opcja : Szukaj

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****

Folder Znaleziono C:\Program Files\registry mechanic
Folder Znaleziono C:\ProgramData\Babylon
Folder Znaleziono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Znaleziono C:\ProgramData\Tarma Installer
Folder Znaleziono C:\Users\User\AppData\Local\Babylon
Folder Znaleziono C:\Users\User\AppData\Local\Temp\Babylon
Folder Znaleziono C:\Users\User\AppData\Roaming\Babylon
Folder Znaleziono C:\Users\User\AppData\Roaming\registry mechanic
Folder Znaleziono C:\Windows\system32\AI_RecycleBin
Plik Znaleziono : C:\Users\User\AppData\Local\Temp\Uninstall.exe
Plik Znaleziono : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1e47x1p8.default\user.js
Plik Znaleziono : C:\Windows\system32\dmwu.exe
Plik Znaleziono : C:\Windows\system32\ImhxxpComm.dll

***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz Znaleziono : HKCU\Software\AppDataLow\Software\Smart Suggestor
Klucz Znaleziono : HKCU\Software\Babylon
Klucz Znaleziono : HKCU\Software\IM
Klucz Znaleziono : HKCU\Software\ImInstaller
Klucz Znaleziono : HKCU\Software\InstallCore
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Klucz Znaleziono : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Klucz Znaleziono : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB536AF2-E422-402D-B7FD-887297F1A198}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB536AF2-E422-402D-B7FD-887297F1A198}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Klucz Znaleziono : HKCU\Software\powerpack
Klucz Znaleziono : HKCU\Software\Softonic
Klucz Znaleziono : HKCU\Software\wnlt
Klucz Znaleziono : HKLM\Software\caphyon
Klucz Znaleziono : HKLM\SOFTWARE\Classes\.bdc
Klucz Znaleziono : HKLM\SOFTWARE\Classes\.bgl
Klucz Znaleziono : HKLM\SOFTWARE\Classes\.bof
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\BabyDict
Klucz Znaleziono : HKLM\SOFTWARE\Classes\BabyGloss
Klucz Znaleziono : HKLM\SOFTWARE\Classes\BabyOptFile
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{DB536AF2-E422-402D-B7FD-887297F1A198}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Znaleziono : HKLM\SOFTWARE\Classes\SectionToolBar.ctlSectionToolBar
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\demmlacpnijjgliknaehpamnnbncnodb
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Klucz Znaleziono : HKLM\Software\IB Updater
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_painttool-sai_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_painttool-sai_RASMANCS
Klucz Znaleziono : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Klucz Znaleziono : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Klucz Znaleziono : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Klucz Znaleziono : HKLM\Software\Tarma Installer
Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Wartość Znaleziono : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wartość Znaleziono : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Wartość Znaleziono : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (pl)

[ Plik : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1e47x1p8.default\prefs.js ]

Wpis znaleziony : user_pref("extensions.BabylonToolbar.admin", false);
Wpis znaleziony : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.excTlbr", false);
Wpis znaleziony : user_pref("extensions.BabylonToolbar.ffxUnstlRst", false);
Wpis znaleziony : user_pref("extensions.BabylonToolbar.id", "9092795700000000000074ea3ab40532");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.instlDay", "15735");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.newTab", false);
Wpis znaleziony : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.rvrt", "false");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9092795700000000000074ea3ab40532&q=");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.2");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.216:12:44");
Wpis znaleziony : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.2");
Wpis znaleziony : user_pref("extensions.BabylonToolbar_i.babExt", "");
Wpis znaleziony : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=118159");
Wpis znaleziony : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Wpis znaleziony : user_pref("extensions.incredibar_i.aflt", "orgnl");
Wpis znaleziony : user_pref("extensions.incredibar_i.dfltLng", "");
Wpis znaleziony : user_pref("extensions.incredibar_i.did", "10665");
Wpis znaleziony : user_pref("extensions.incredibar_i.excTlbr", false);
Wpis znaleziony : user_pref("extensions.incredibar_i.id", "9092795700000000000074ea3ab40532");
Wpis znaleziony : user_pref("extensions.incredibar_i.installerproductid", "26");
Wpis znaleziony : user_pref("extensions.incredibar_i.instlDay", "15626");
Wpis znaleziony : user_pref("extensions.incredibar_i.instlRef", "");
Wpis znaleziony : user_pref("extensions.incredibar_i.ms_url_id", "");
Wpis znaleziony : user_pref("extensions.incredibar_i.newTab", false);
Wpis znaleziony : user_pref("extensions.incredibar_i.ppd", "");
Wpis znaleziony : user_pref("extensions.incredibar_i.prdct", "incredibar");
Wpis znaleziony : user_pref("extensions.incredibar_i.productid", "26");
Wpis znaleziony : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Wpis znaleziony : user_pref("extensions.incredibar_i.smplGrp", "none");
Wpis znaleziony : user_pref("extensions.incredibar_i.tlbrId", "base");
Wpis znaleziony : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8I2Afr6w&loc=IB_TB&i=26&search=");
Wpis znaleziony : user_pref("extensions.incredibar_i.upn2", "6R8I2Afr6w");
Wpis znaleziony : user_pref("extensions.incredibar_i.upn2n", "92825219368689032");
Wpis znaleziony : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Wpis znaleziony : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:55:34");
Wpis znaleziony : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Wpis znaleziony : user_pref("extensions.ui.lastCategory", "addons://search/incredibar");
Wpis znaleziony : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Wpis znaleziony : user_pref("extentions.y2layers.installId", "781fc88f-1d76-4a28-8cb5-a5de67168ad8");
Wpis znaleziony : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]

-\\ Google Chrome v33.0.1750.146

[ Plik : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11767 octets] - [09/03/2014 16:07:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11828 octets] ##########
[/spoiler]

 

5. When I clicked the link to download Java 7, something like this popped up

"[spoiler]
Sorry!
In order to download products from Oracle Technology Network you must agree to the OTN license terms.
Be sure that...
Your browser has "cookies" and JavaScript enabled.
You clicked on "Accept License" for the product you wish to download.
You attempt the download within 30 minutes of accepting the license.
From here you can go...
Back to Previous Page
Site Map
OTN Homepage[/spoiler]

 

What should I do?

 

I have not done yet:

the new OTL logs + the Gmer log, because I would rather you first check how the earlier points went and whether I can go ahead with that

"


Point 3 needs to be redone - you were supposed to paste that script and click [b]Run script[/b], not [b]Scan.[/b] ;)

 

4. Adwcleaner I clicked Scan and created a log; I don't know whether I should remove everything that is selected?

Yes, remove them.

 

5. When I clicked the link to download Java 7, something like this popped up "


In order to download products from Oracle Technology Network you must agree to the OTN license terms.

You have to accept the license, otherwise you won't be able to download Java: http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (choose the option that matches your system - Windows x86)

 

Once you have done the above, you can post a set of new logs.


OK, I removed it with AdwCleaner.

 

Sorry for the earlier mistake

Here is the executed script :)

[spoiler]========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\IB Updater\Firefox not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com not found.
File C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}\ not found.
File C:\Program Files\IB Updater\Firefox not found.
File C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1e47x1p8.default\searchplugins\MyStart Search.xml not found.
File C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
File C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c774641-5504-46a8-b63f-6715ae3fe376}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c774641-5504-46a8-b63f-6715ae3fe376}\ not found.
File C:\Program Files\FindRight\FindRightBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Babylon Client not found.
Registry value HKEY_USERS\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2189539843-2385702206-1642891728-1003\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-2189539843-2385702206-1642891728-1003\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
========== FILES ==========
File\Folder C:\Program Files\FindRight not found.
File\Folder C:\Program Files\McAfee Security Scan not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan not found.
File\Folder C:\Program Files\Norton Security Scan not found.
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job moved successfully.
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job moved successfully.
File\Folder C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
File\Folder C:\Users\Public\Desktop\Norton Security Scan.LNK not found.
File\Folder C:\Windows\tasks\Norton Security Scan for User.job not found.
File\Folder C:\Program Files\Babylon not found.
File\Folder C:\Program Files\AVG Secure Search not found.
========== SERVICES/DRIVERS ==========
Error: No service named Util FindRight was found to stop!
Service\Driver key Util FindRight not found.
Error: No service named Update FindRight was found to stop!
Service\Driver key Update FindRight not found.
Error: No service named McComponentHostService was found to stop!
Service\Driver key McComponentHostService not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03102014_141210
[/spoiler]

 

I have already installed Java

 

New OTL logs:

[spoiler]OTL logfile created on: 2014-03-10 14:26:09 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,32% Memory free
4,00 Gb Paging File | 2,57 Gb Available in Paging File | 64,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,60 Gb Total Space | 56,63 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 581,29 Gb Free Space | 99,21% Space Free | Partition Type: NTFS

Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-03-10 14:11:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL(3).exe
PRC - [2014-03-09 15:28:22 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-03-09 15:28:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-02-21 15:37:29 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014-02-15 20:30:31 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-12-18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-06-06 22:59:45 | 001,925,656 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
PRC - [2013-06-05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2013-01-18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013-01-18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-09-20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012-01-04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012-01-04 21:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe


========== Modules (No Company Name) ==========

MOD - [2014-02-27 23:10:26 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\4d5d17a21443c7ea06190ccce3cb4ce1\System.EnterpriseServices.ni.dll
MOD - [2014-02-27 23:10:26 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\4d5d17a21443c7ea06190ccce3cb4ce1\System.EnterpriseServices.Wrapper.dll
MOD - [2014-02-27 23:10:25 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014-02-27 23:10:24 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014-02-27 23:10:23 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014-02-27 23:10:21 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014-02-27 23:10:19 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014-02-27 23:10:14 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014-02-27 23:10:09 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014-02-27 23:10:07 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014-02-27 23:10:06 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014-02-27 23:10:02 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014-02-27 23:10:01 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014-02-27 23:09:58 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014-02-27 23:09:58 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014-02-27 23:09:54 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014-02-27 23:09:53 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014-02-27 23:09:47 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014-02-21 15:37:29 | 016,265,096 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014-02-15 20:30:30 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013-11-01 11:34:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012-11-28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-11-28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2014-03-09 15:28:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014-02-21 15:37:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-02-15 20:30:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-02-06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013-12-18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-02-25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-01-04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010-11-26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-05-27 21:10:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-02-10 17:01:49 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014-03-09 15:28:25 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014-03-09 15:28:25 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014-03-09 15:28:25 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014-03-09 15:28:25 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014-03-09 15:28:25 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2013-11-01 11:34:28 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-11-01 11:34:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-08-30 08:48:11 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013-02-25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013-02-12 04:32:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-05-27 08:40:24 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09 15:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-03-10 14:22:16 | 000,000,000 | ---D | M]

[2010-05-16 12:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2014-02-22 22:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1e47x1p8.default\extensions
[2014-03-09 15:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014-02-15 20:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-02-15 20:30:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014-03-10 14:12:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000..\Run: [GG] C:\Users\User\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2189539843-2385702206-1642891728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{339041F1-8E78-4E39-9C68-5343B52BDD81}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B58DEB3E-671F-4C6B-ADFC-BE225E91377A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D391C7-DE9B-44A9-9466-5909B059AFCD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-03-10 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014-03-10 14:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014-03-10 14:22:16 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014-03-10 14:21:58 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014-03-10 14:21:58 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014-03-10 14:21:58 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014-03-10 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-03-10 14:12:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-03-09 16:06:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-03-09 15:28:27 | 000,064,168 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014-02-26 22:59:32 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014-02-22 18:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014-02-22 18:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014-02-15 20:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-02-14 19:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Counter Strike 1.6 PrO
[2014-02-14 01:18:13 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-02-14 01:18:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-02-14 01:18:13 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-02-14 01:18:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-02-14 01:18:12 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-02-14 01:18:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-02-14 01:18:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-02-14 01:18:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-02-14 01:18:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-02-14 01:18:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-02-14 01:18:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-02-14 01:18:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014-02-14 01:18:11 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-02-14 01:18:11 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-02-14 01:18:09 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-02-14 01:18:07 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-02-13 14:44:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014-02-13 14:44:27 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014-02-13 14:44:27 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014-02-13 14:44:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014-02-13 14:44:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014-02-13 14:44:25 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014-02-13 14:44:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014-02-13 14:44:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014-02-13 14:44:25 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014-02-13 14:44:24 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014-02-13 14:44:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014-02-13 14:44:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

========== Files - Modified Within 30 Days ==========

[2014-03-10 14:21:49 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014-03-10 14:21:47 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014-03-10 14:21:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014-03-10 14:21:46 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014-03-10 14:12:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014-03-10 13:54:33 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-03-10 13:53:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189539843-2385702206-1642891728-1000UA.job
[2014-03-10 13:37:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-03-10 13:27:10 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-03-10 13:27:10 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-03-10 13:19:57 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-03-10 13:19:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-03-10 13:19:42 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2014-03-09 20:18:27 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014-03-09 19:53:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189539843-2385702206-1642891728-1000Core.job
[2014-03-09 15:28:50 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-03-09 15:28:25 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014-03-09 15:28:25 | 000,410,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014-03-09 15:28:25 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014-03-09 15:28:25 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014-03-09 15:28:25 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014-03-09 15:28:25 | 000,064,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014-03-09 15:28:25 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-03-04 15:02:03 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\google chrome.lnk
[2014-02-27 23:11:33 | 000,740,438 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-02-27 23:11:33 | 000,654,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-02-27 23:11:33 | 000,156,012 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-02-27 23:11:33 | 000,122,142 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-02-22 22:38:38 | 000,000,638 | ---- | M] () -- C:\Users\User\Desktop\PaintTool SAI Ver.1.lnk
[2014-02-22 17:44:04 | 000,286,254 | ---- | M] () -- C:\Users\User\Desktop\1j7WX1F.png
[2014-02-22 17:19:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2014-02-21 15:37:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-02-21 15:37:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-02-17 14:49:16 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini

========== Files Created - No Company Name ==========

[2014-03-09 15:47:22 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014-02-22 22:38:38 | 000,000,638 | ---- | C] () -- C:\Users\User\Desktop\PaintTool SAI Ver.1.lnk
[2014-02-22 17:44:03 | 000,286,254 | ---- | C] () -- C:\Users\User\Desktop\1j7WX1F.png
[2013-06-07 17:08:53 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-06-07 17:08:51 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012-10-04 16:17:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-01-28 19:36:00 | 000,010,240 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
[/spoiler]

 

and GMER

[log]GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-10 14:51:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-2 ST3750528AS rev.CC38 698,64GB
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8CA31ACC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8CA325AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8CA3E692]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8CA3E6DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8CA3E878]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8CA3E600]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x8CAE8426]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8CA3E648]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8CA32AE0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8CA32CFC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8CA3E832]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8CA33398]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8CA31B32]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8CA36BE4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8CA3171E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8CAE8506]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8CA31B98]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8CA36FDA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8CA33EDE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8CA3E6BC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8CA3E700]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8CA3E89C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8CA3E626]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8CA364DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8CA3E7B0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8CA3E670]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8CA368C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8CA3E856]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8CAE82AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8CA33CF4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8CA33A02]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8CA31BFE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8CA31C64]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8CAE8602]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8CA317B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8CA3198A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8CA31918]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8CA33562]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8CA336C4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8CA31A12]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8CAE8378]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8CA331F2]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8CA31CCA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8CA32606]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A7AA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB4212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82ABB460 4 Bytes [CC, 1A, A3, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82ABB4E8 4 Bytes [AA, 25, A3, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82ABB53C 8 Bytes [92, E6, A3, 8C, DE, E6, A3, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82ABB548 4 Bytes [78, E8, A3, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82ABB564 4 Bytes [00, E6, A3, 8C]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[324] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[396] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[456] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\system32\services.exe[512] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!LdrLoadDll 76E022AE 5 Bytes JMP 72881FFD C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[644] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 7671941E 7 Bytes JMP 5496049D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[644] KERNEL32.dll!QueryPerformanceCounter + 13 7671C425 7 Bytes JMP 54960455 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[644] KERNEL32.dll!LoadAppInitDlls + 355 7671F4E6 7 Bytes JMP 54575A06 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[644] KERNEL32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[644] GDI32.dll!GetViewportOrgEx + 26C 7668884B 7 Bytes JMP 549604C4 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[728] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[772] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[796] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text ...
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateFile + 6 76DE560E 4 Bytes [28, A0, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateFile + B 76DE5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateKey + 6 76DE564E 4 Bytes [68, A1, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateKey + B 76DE5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateMutant + 6 76DE568E 4 Bytes [68, A2, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateMutant + B 76DE5693 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateSection + 6 76DE572E 4 Bytes [A8, A2, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtCreateSection + B 76DE5733 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtMapViewOfSection + 6 76DE5C6E 4 Bytes CALL 75DE6417 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtMapViewOfSection + B 76DE5C73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenFile + 6 76DE5D1E 4 Bytes [68, A0, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenFile + B 76DE5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenKey + 6 76DE5D4E 4 Bytes [A8, A1, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenKey + B 76DE5D53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenKeyEx + 6 76DE5D5E 4 Bytes CALL 75DE6504 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenKeyEx + B 76DE5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenMutant + 6 76DE5D9E 4 Bytes [28, A2, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenMutant + B 76DE5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenProcess + 6 76DE5DCE 4 Bytes [68, A3, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenProcess + B 76DE5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenProcessToken + 6 76DE5DDE 4 Bytes [A8, A3, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenProcessToken + B 76DE5DE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenProcessTokenEx + 6 76DE5DEE 4 Bytes [68, A4, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenProcessTokenEx + B 76DE5DF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenSection + 6 76DE5E0E 4 Bytes CALL 75DE65B5 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenSection + B 76DE5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenThread + 6 76DE5E4E 4 Bytes [28, A3, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenThread + B 76DE5E53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenThreadToken + 6 76DE5E5E 4 Bytes [28, A4, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenThreadToken + B 76DE5E63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenThreadTokenEx + 6 76DE5E6E 4 Bytes [A8, A4, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtOpenThreadTokenEx + B 76DE5E73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtQueryAttributesFile + 6 76DE5F7E 4 Bytes [A8, A0, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtQueryAttributesFile + B 76DE5F83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtQueryFullAttributesFile + 6 76DE602E 4 Bytes CALL 75DE67D3 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtQueryFullAttributesFile + B 76DE6033 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtSetInformationFile + 6 76DE667E 4 Bytes [28, A1, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtSetInformationFile + B 76DE6683 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtSetInformationThread + 6 76DE66DE 4 Bytes CALL 75DE6E86 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtSetInformationThread + B 76DE66E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtUnmapViewOfSection + 6 76DE69FE 4 Bytes [28, A5, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ntdll.dll!NtUnmapViewOfSection + B 76DE6A03 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] kernel32.dll!CreateProcessW 766D204D 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] kernel32.dll!CreateProcessA 766D2082 5 Bytes JMP 000C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!ActivateKeyboardLayout 76488203 5 Bytes JMP 001704F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!ScreenToClient 7648A506 7 Bytes JMP 00170670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!RegisterClipboardFormatA 7648C091 5 Bytes JMP 001702F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!RegisterClipboardFormatW 7648DF8D 5 Bytes JMP 001702B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!SetCursor 76493075 5 Bytes JMP 00170530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!MonitorFromWindow 76493622 7 Bytes JMP 00170630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!PostMessageW 7649447B 5 Bytes JMP 001705F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!IsWindowVisible 76494D69 7 Bytes JMP 001706B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetClientRect 764954DD 7 Bytes JMP 001705B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!MapWindowPoints 76495CAA 5 Bytes JMP 00170570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetParent 76496029 7 Bytes JMP 001706F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!EmptyClipboard 764A290C 5 Bytes JMP 00170130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!SetClipboardData 764A2962 5 Bytes JMP 00170170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetClipboardData 764A2BA7 5 Bytes JMP 00170030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetClipboardFormatNameW 764A5FD2 5 Bytes JMP 00170230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!SetClipboardViewer 764A6FF6 5 Bytes JMP 001704B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetClipboardFormatNameA 764A700A 5 Bytes JMP 00170270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!ChangeClipboardChain 764B147C 5 Bytes JMP 00170430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetTopWindow 764B24D9 7 Bytes JMP 00170730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!CloseClipboard 764B446C 5 Bytes JMP 001700B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!OpenClipboard 764B447E 5 Bytes JMP 00170070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!IsClipboardFormatAvailable 764B44FF 5 Bytes JMP 001700F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetClipboardSequenceNumber 764B4513 5 Bytes JMP 00170330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetClipboardOwner 764B4525 5 Bytes JMP 00170370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!CountClipboardFormats 764B470A 5 Bytes JMP 001701F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!EnumClipboardFormats 764B47EC 5 Bytes JMP 001701B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetOpenClipboardWindow 764B480B 5 Bytes JMP 001703F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!SetCursorPos 764CC1B0 5 Bytes JMP 00170770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetClipboardViewer 764E4AF7 5 Bytes JMP 00170470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] user32.DLL!GetPriorityClipboardFormat 764E4BF9 5 Bytes JMP 001703B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!DeleteObject 76685F14 5 Bytes JMP 001801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SelectObject 76686640 5 Bytes JMP 001805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetTextColor 76686906 5 Bytes JMP 00180A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetBkMode 766869B1 5 Bytes JMP 001808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!DeleteDC 76686EAA 5 Bytes JMP 00180170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetDeviceCaps 76686F7F 5 Bytes JMP 001803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!ExtSelectClipRgn 76687114 5 Bytes JMP 001802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SelectClipRgn 76687242 5 Bytes JMP 001805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetStretchBltMode 76687705 5 Bytes JMP 001806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetCurrentObject 76687917 5 Bytes JMP 00180370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextMetricsW 76687B8F 5 Bytes JMP 00180E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextAlign 76687DAF 5 Bytes JMP 00180D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!IntersectClipRect 76687DFE 5 Bytes JMP 001803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!ExtTextOutW 76688192 5 Bytes JMP 00180970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetTextAlign 7668828E 5 Bytes JMP 001809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetClipBox 76688525 5 Bytes JMP 00180330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!MoveToEx 76688C21 5 Bytes JMP 00180470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!StretchDIBits 7668A53E 5 Bytes JMP 00180770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!RestoreDC 7668A67B 5 Bytes JMP 00180530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SaveDC 7668A74B 5 Bytes JMP 00180570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextExtentPoint32W 7668B4B5 5 Bytes JMP 00180670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextFaceW 7668B73A 2 Bytes JMP 00180D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextFaceW + 3 7668B73D 2 Bytes [AF, 89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetFontData 7668BCC4 5 Bytes JMP 00180C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetWorldTransform 7668C90A 5 Bytes JMP 001806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!CreateDCA 7668CCA9 5 Bytes JMP 001800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!CreateDCW 7668CF79 5 Bytes JMP 001800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!CreateICW 7668CFD0 5 Bytes JMP 00180130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextMetricsA 7668D0F2 5 Bytes JMP 00180DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!Rectangle 7668F1FF 5 Bytes JMP 001809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!LineTo 7668F59B 5 Bytes JMP 00180430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetICMMode 7668FAA4 5 Bytes JMP 00180DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!ExtTextOutA 76690D20 5 Bytes JMP 00180930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextExtentPoint32A 7669117F 5 Bytes JMP 00180630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!ExtEscape 76692D49 5 Bytes JMP 001802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!Escape 76693400 5 Bytes JMP 00180270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!ResetDCW 76693A9B 5 Bytes JMP 00180AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!EndPage 766940DA 5 Bytes JMP 00180230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetPolyFillMode 766967E1 5 Bytes JMP 00180B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SetMiterLimit 7669699D 5 Bytes JMP 00180B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetTextFaceA 766A0D22 5 Bytes JMP 00180CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!GetGlyphOutlineW 766AC2DA 5 Bytes JMP 00180CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!CreateScalableFontResourceW 766AE937 5 Bytes JMP 00180BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!AddFontResourceW 766AED33 5 Bytes JMP 00180BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!RemoveFontResourceW 766AF229 5 Bytes JMP 00180C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!AbortDoc 766B4E29 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!EndDoc 766B5270 5 Bytes JMP 001801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!StartPage 766B535B 5 Bytes JMP 00180730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!StartDocW 766B5D76 5 Bytes JMP 001807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!BeginPath 766B651D 5 Bytes JMP 00180830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!SelectClipPath 766B6574 5 Bytes JMP 00180AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!CloseFigure 766B65CF 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!EndPath 766B6626 5 Bytes JMP 00180A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!StrokePath 766B6859 5 Bytes JMP 001807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!FillPath 766B68E6 5 Bytes JMP 00180870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!PolylineTo 766B6D54 5 Bytes JMP 001804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!PolyBezierTo 766B6DE5 5 Bytes JMP 001804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] GDI32.dll!PolyDraw 766B6E97 5 Bytes JMP 001808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ole32.dll!OleSetClipboard 75170045 5 Bytes JMP 001A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ole32.dll!OleIsCurrentClipboard 751736B2 5 Bytes JMP 001A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[4940] ole32.dll!OleGetClipboard 7519FDCD 5 Bytes JMP 001A00B0
.text C:\Program Files\WinRAR\WinRAR.exe[5056] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5120] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5120] USER32.dll!RegisterMessagePumpHook + 2F1 76488B9E 7 Bytes JMP 548B76A0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5120] USER32.dll!IsDialogMessageW + 340 76494444 7 Bytes JMP 548B7711 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5120] USER32.dll!GetWindowInfo 76494B5E 5 Bytes JMP 548BB2EA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5120] USER32.dll!ToUnicodeEx + 71 764A2223 7 Bytes JMP 548B4E6D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\AUDIODG.EXE[5616] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5664] kernel32.dll!GetBinaryTypeW + 70 767369E4 1 Byte [62]

---- EOF - GMER 2.1 ----
[/log]

 

I hope I did everything correctly :)
