
[Solved] Routine check - logs.

jaskowski
created (edited)

OTL

 


[log]

OTL logfile created on: 2013-09-01 23:27:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\janek\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7,96 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,38% Memory free
15,93 Gb Paging File | 13,73 Gb Available in Paging File | 86,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360,48 Gb Total Space | 241,29 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
Drive D: | 571,03 Gb Total Space | 210,65 Gb Free Space | 36,89% Space Free | Partition Type: NTFS
Drive F: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JANUSZ | User Name: janek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-09-01 23:25:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\janek\Downloads\OTL.exe
PRC - [2013-08-17 10:16:24 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-08-06 19:56:38 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013-07-15 17:21:54 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013-07-12 23:35:28 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-09 20:16:06 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013-03-14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-12-27 14:38:20 | 000,458,752 | ---- | M] (Stamina) -- C:\Konnekt\konnekt.exe
PRC - [2012-12-05 20:15:37 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012-09-19 09:45:40 | 000,505,872 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
PRC - [2012-09-19 09:45:35 | 000,374,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2012-09-19 09:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012-09-19 09:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012-09-19 09:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012-09-12 09:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2012-02-21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011-10-03 21:17:30 | 001,945,600 | ---- | M] () -- C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe
PRC - [2005-11-08 22:02:44 | 000,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer) -- C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
PRC - [2000-01-01 02:00:00 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


========== Modules (No Company Name) ==========

MOD - [2013-09-01 23:17:03 | 000,192,512 | ---- | M] () -- C:\Users\janek\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013-09-01 23:17:03 | 000,158,720 | ---- | M] () -- C:\Users\janek\AppData\Local\Temp\sfareca00001.dll
MOD - [2013-08-17 10:16:24 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-08-06 19:56:38 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013-08-06 19:56:38 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013-08-06 19:56:38 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013-07-15 17:21:54 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2012-12-12 21:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011-10-03 21:17:30 | 001,945,600 | ---- | M] () -- C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe
MOD - [2011-08-24 04:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011-08-24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd
MOD - [2011-08-24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
MOD - [2006-10-03 21:40:52 | 000,049,152 | ---- | M] () -- C:\Konnekt\plugins\kMigacz.dll
MOD - [2005-09-18 16:06:14 | 000,049,152 | ---- | M] () -- C:\Konnekt\SMemory.dll
MOD - [2005-09-15 12:54:41 | 000,069,632 | ---- | M] () -- C:\Konnekt\data\dll\libgaduw32.dll
MOD - [2003-12-23 13:28:04 | 000,253,952 | ---- | M] () -- C:\Konnekt\data\dll\LuaPlus.dll
MOD - [2003-04-11 03:01:04 | 000,159,744 | ---- | M] () -- C:\Konnekt\data\dll\ssleay32.dll
MOD - [2003-04-11 03:00:32 | 000,839,680 | ---- | M] () -- C:\Konnekt\data\dll\libeay32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012-02-09 17:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2012-02-02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-08-21 03:46:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-17 10:16:24 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-03-14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013-02-04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012-12-17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-09-19 09:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012-09-19 09:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012-09-19 09:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012-02-21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2000-01-01 02:00:00 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-09-01 23:16:45 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013-07-01 17:09:10 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013-05-09 22:24:50 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-01-02 21:00:27 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013-01-02 21:00:27 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012-12-05 20:15:37 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-05-12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012-04-16 15:56:34 | 000,018,456 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-09 17:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012-02-09 17:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012-02-09 17:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011-12-07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011-11-10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-04-20 04:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011-02-08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-04-19 05:31:00 | 001,065,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:64bit: - [2000-01-01 02:00:00 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2000-01-01 02:00:00 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV - [2012-09-19 16:12:50 | 000,147,704 | ---- | M] (CyberLink Corp.) [2013/04/21 17:59:16] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2012-06-20 11:35:49 | 000,083,704 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2010-01-29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..\SearchScopes\{438CC304-0487-4804-B9C2-D0285629C32F}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.order.1: "v9"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('.brightcove.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.inde
xOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-08-06 19:56:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012-12-05 22:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\Extensions
[2013-09-01 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\Firefox\Profiles\ccbs7ewd.default\extensions
[2013-08-29 18:06:41 | 000,377,144 | ---- | M] () (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\firefox\profiles\ccbs7ewd.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013-09-01 18:06:46 | 000,015,315 | ---- | M] () (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\firefox\profiles\ccbs7ewd.default\extensions\p24ext@przelewy24.pl.xpi
[2013-07-31 17:16:12 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\firefox\profiles\ccbs7ewd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-08-17 10:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-08-17 10:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-08-17 10:16:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012-12-16 19:46:28 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft(R) MMO Gaming Mouse Legendary Edition] C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000..\Run: [Konnekt] C:\Konnekt\konnekt.exe (Stamina)
O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: SpeedFan = "C:\Program Files (x86)\SpeedFan\speedfan.exe" (Almico Software (www.almico.com))
O7 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit:

O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..Trusted Domains: mks.com.pl ([www] https in Zaufane witryny)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1FB948-1C68-498B-AE68-89B667FDFC3A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE08DCE3-3131-4976-AAAB-83B8F95BE684}: DhcpNameServer = 62.179.1.62 62.179.1.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1CDDC00-2617-4A47-A66F-4A0DFC618B9D}: DhcpNameServer = 62.179.1.62 62.179.1.63
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4dfd9da6-5505-11e2-a9f9-bc5ff465325b}\Shell - "" = AutoRun
O33 - MountPoints2\{4dfd9da6-5505-11e2-a9f9-bc5ff465325b}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{537c4808-3f3e-11e2-ad73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{537c4808-3f3e-11e2-ad73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-09-01 23:21:07 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2013-09-01 23:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013-09-01 23:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3
[2013-09-01 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\janek\AppData\Local\calibre-cache
[2013-09-01 22:28:26 | 000,000,000 | ---D | C] -- C:\Users\janek\Documents\Biblioteka calibre
[2013-09-01 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\janek\AppData\Roaming\calibre
[2013-09-01 22:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2013-09-01 22:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
[2013-09-01 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\janek\.android
[2013-09-01 22:22:41 | 000,000,000 | ---D | C] -- C:\Users\janek\Desktop\Drivers
[2013-09-01 22:22:30 | 000,163,352 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsnet.sys
[2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsnmea.sys
[2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsmdm.sys
[2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsdiagMDM.sys
[2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsdiagAP.sys
[2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsat.sys
[2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsvousb.sys
[2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghstrace.sys
[2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsnmea.sys
[2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsmdm.sys
[2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsdiagmdm.sys
[2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsdiag.sys
[2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsat.sys
[2013-09-01 22:22:30 | 000,039,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zghsvcom.sys
[2013-09-01 22:22:30 | 000,018,456 | ---- | C] (HandSet Incorporated) -- C:\Windows\SysNative\drivers\massfilter_hs.sys
[2013-09-01 22:22:29 | 001,002,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll
[2013-09-01 22:22:29 | 000,102,936 | ---- | C] (Google, inc) -- C:\Windows\AdbWinApi.dll
[2013-09-01 22:22:29 | 000,067,608 | ---- | C] (Google, inc) -- C:\Windows\AdbWinUsbApi.dll
[2013-09-01 22:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE Handset USB Driver
[2013-08-24 12:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013-08-24 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2013-08-24 12:38:46 | 000,000,000 | ---D | C] -- C:\Users\janek\Documents\Guild Wars 2
[2013-08-17 10:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-08-15 21:54:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013-08-15 21:54:08 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013-08-15 21:54:08 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013-08-15 21:54:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013-08-15 21:54:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013-08-15 21:54:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013-08-15 21:54:06 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013-08-15 21:54:06 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013-08-15 21:54:06 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013-08-15 21:54:06 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013-08-15 21:54:06 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013-08-15 21:54:06 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013-08-15 21:54:06 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013-08-15 21:54:06 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013-08-15 21:54:05 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013-08-15 21:54:05 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013-08-15 21:54:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013-08-15 21:54:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013-08-15 21:54:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013-08-15 21:54:05 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013-08-15 21:54:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013-08-15 21:54:05 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013-08-15 21:54:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013-08-15 21:54:05 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2013-08-15 21:54:05 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2013-08-15 21:54:04 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013-08-15 21:54:04 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013-08-15 21:54:04 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013-08-15 21:54:04 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013-08-15 21:54:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013-08-15 21:54:04 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013-08-15 21:54:04 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013-08-15 21:45:27 | 000,428,136 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013-08-15 21:42:12 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013-08-15 21:42:12 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013-08-15 21:42:12 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013-08-15 21:42:12 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013-08-15 21:42:12 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013-08-15 21:42:12 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013-08-15 21:42:12 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013-08-15 21:42:12 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013-08-15 21:42:12 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013-08-15 21:42:12 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013-08-15 21:42:12 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013-08-15 21:42:12 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013-08-15 21:42:12 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013-08-15 21:42:12 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013-08-15 21:42:12 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013-08-15 21:42:12 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013-08-15 21:42:12 | 000,420,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013-08-15 21:42:12 | 000,364,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013-08-15 21:42:12 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013-08-15 21:42:12 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013-08-15 21:42:12 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013-08-15 21:42:12 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013-08-15 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\janek\AppData\Local\SlimWare Utilities Inc
[2013-08-15 21:33:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013-08-15 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013-08-15 01:41:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-08-15 01:41:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-08-15 01:41:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-08-15 01:41:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-08-15 01:41:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-08-15 01:41:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-08-15 01:41:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-08-15 01:41:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-08-15 01:41:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-08-15 01:41:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-08-15 01:41:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-08-15 01:41:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-08-15 01:41:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-08-15 01:41:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-08-15 01:41:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-08-15 01:38:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013-08-14 23:35:43 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013-08-14 23:35:43 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013-08-14 23:35:43 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013-08-14 23:35:27 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013-08-14 23:35:27 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013-08-14 23:35:26 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013-08-14 23:35:24 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-08-14 23:35:24 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-08-14 23:35:24 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-08-14 23:35:24 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-08-14 23:35:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-08-14 23:35:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-08-14 23:35:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-08-14 23:35:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-08-14 23:35:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-08-14 23:35:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-08-13 15:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameforgeLive
[2013-08-06 19:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013-08-04 11:54:47 | 000,000,000 | ---D | C] -- C:\Users\janek\Desktop\berendsen
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-09-01 23:23:51 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-01 23:23:51 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-01 23:22:43 | 001,663,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-09-01 23:22:43 | 000,737,942 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-09-01 23:22:43 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-09-01 23:22:43 | 000,154,630 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-09-01 23:22:43 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-09-01 23:21:09 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013-09-01 23:21:03 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013-09-01 23:16:53 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-01 23:16:48 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013-09-01 23:16:45 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013-09-01 23:16:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-01 23:16:29 | 2118,979,583 | -HS- | M] () -- C:\hiberfil.sys
[2013-09-01 22:46:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-09-01 22:40:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-01 22:28:16 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
[2013-09-01 22:23:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013-08-24 12:39:51 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013-08-21 03:46:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-08-21 03:46:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-08-20 11:21:52 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-09-01 23:21:09 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013-09-01 23:21:03 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013-09-01 23:21:01 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk
[2013-09-01 22:28:16 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
[2013-09-01 22:23:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013-09-01 22:22:29 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2013-08-24 12:39:51 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013-08-15 21:54:05 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013-08-15 21:45:27 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013-06-15 10:19:51 | 001,638,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-18 23:03:23 | 000,000,871 | ---- | C] () -- C:\Users\janek\AppData\Local\recently-used.xbel
[2013-02-04 23:03:56 | 000,082,072 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2012-12-05 20:15:46 | 000,000,003 | ---- | C] () -- C:\Users\janek\AppData\Local\user_data.ini
[2012-12-05 20:07:32 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2012-02-02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-06-13 07:08:13 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\0C908378-A0AE-47B2-AC7C-7D08A2A1D4C8
[2013-02-22 00:21:22 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Acronis
[2013-03-20 23:44:53 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Audacity
[2013-02-04 01:22:03 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Banamalon
[2013-02-04 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\CAD-KAS
[2013-09-01 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\calibre
[2013-01-18 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Canneverbe Limited
[2013-06-16 11:04:40 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\DAEMON Tools Lite
[2012-12-05 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\DeviceVm
[2013-09-01 23:11:49 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\foobar2000
[2012-12-05 22:24:09 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\GHISLER
[2013-09-01 23:21:03 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\GlarySoft
[2013-02-25 23:00:45 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\IObit
[2013-04-11 21:41:04 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Mumble
[2012-12-06 00:15:53 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\NapiProjekt
[2012-12-24 03:21:38 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Notepad++
[2012-12-12 09:36:20 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Sports Interactive
[2013-01-23 18:16:21 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\SteelSeries
[2012-12-24 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Subversion
[2013-07-03 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\TERA
[2012-12-05 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Thunderbird
[2013-04-22 21:45:56 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\TS3Client
[2013-09-01 23:29:06 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

[/log]

OTL EXTRAS

[log]

OTL Extras logfile created on: 2013-09-01 23:27:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\janek\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7,96 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,38% Memory free
15,93 Gb Paging File | 13,73 Gb Available in Paging File | 86,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360,48 Gb Total Space | 241,29 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
Drive D: | 571,03 Gb Total Space | 210,65 Gb Free Space | 36,89% Space Free | Partition Type: NTFS
Drive F: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JANUSZ | User Name: janek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E698147-AAF7-460A-A7B1-043EA86C74D8}" = dir=in | app=c:\users\janek\appdata\local\microsoft\skydrive\skydrive.exe |
"{13F339DC-E2B8-43E4-A8EB-3574BC104B8F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{17EDC058-5B0A-49F0-92AC-966A92518F34}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{18C5A20F-F7A6-4CC8-A431-8C2A1E252982}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{25AEA155-CAA0-43BC-81EA-655FE93BB28E}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{2B644E30-320C-4D5F-8A25-DA4227EDB82C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3A801D78-7184-443B-83F0-59DD50A67093}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{46079508-0805-4218-8479-36787E9219BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{645BD4B9-35AC-4EAA-9B8C-97F57A818B56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{9A3233DA-11AC-4A37-A2A0-188A19C28FA1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{9C8C7D67-DFA3-44A2-AA9E-69B3588A3E79}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{A7C2C9B1-4DCD-45A0-96D0-74A0041D562C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{AE76A209-7C6E-4F8A-8597-49BF74814D1E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C3DA7E0D-543B-4F7B-9C28-7AB7ED692354}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{DDF5198C-6DD7-4E41-95DE-42DC2808308E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{E2164D82-B41A-4EB2-BAE0-7C64CC1E6647}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{F7B312C5-5DF0-4166-B4BE-D45A591429BC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{5685760C-8200-4DE3-96F6-793D96BBD072}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{F987ACE3-052C-43A5-A72E-8C7AA69D341D}C:\konnekt\konnekt.exe" = protocol=6 | dir=in | app=c:\konnekt\konnekt.exe |
"UDP Query User{8E4B0A1D-61D3-49FA-9B6E-ADE59089EF8F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{B058C2DE-43CD-4FBC-819A-C3E81BFD72CE}C:\konnekt\konnekt.exe" = protocol=17 | dir=in | app=c:\konnekt\konnekt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{12ABC13D-6540-483D-92B9-30CE1667B002}" = Intel(R) Smart Connect Technology 2.0 x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B13A3F1-F66A-42FB-9E62-98952D582187}" = TortoiseSVN 1.7.11.23600 (64 bit)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB}" = calibre 64bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0F7DD176693D493C7502506ABE5F948A4C14EA2E" = Pakiet sterowników systemu Windows - SteelSeries (HidUsb) HIDClass (06/09/2010 1.0.2.0)
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.4
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D8FB164-2A7D-43B2-A59E-E16BF568ACB0}" = Honorbuddy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA909E80-DC40-4AF0-A693-376F9F1C8582}" = World of Warcraft(R) MMO Gaming Mouse: Legendary Edition
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"foobar2000" = foobar2000 v1.1.18
"Glary Utilities 3" = Glary Utilities 3.9
"Glary Utilities_is1" = Glary Utilities 2.51.0.1666
"Guild Wars 2" = Guild Wars 2
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Konnekt" = Konnekt
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 pl)" = Mozilla Firefox 23.0.1 (x86 pl)
"Mozilla Thunderbird 17.0.8 (x86 pl)" = Mozilla Thunderbird 17.0.8 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NapiProjekt_is1" = NapiProjekt (2.1.0.2287)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OCCT" = OCCT 4.3.2
"OpenAL" = OpenAL
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Thunderbird-Tray" = Thunderbird-Tray
"UltraISO_is1" = UltraISO Premium V9.53
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"World of Warcraft" = World of Warcraft
"XFastUSB" = XFastUSB

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17c3ec1c-d814-4d83-ac88-062376366583}" = Honorbuddy
"BankBrowser" = BankBrowser
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-95478261-1155690265-3867789506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-09-01 16:37:40 | Computer Name = janusz | Source = Windows Search Service | ID = 9002
Description =

Error - 2013-09-01 16:37:40 | Computer Name = janusz | Source = Windows Search Service | ID = 3029
Description =

Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 3029
Description =

Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 3028
Description =

Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 3058
Description =

Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 7010
Description =

Error - 2013-09-01 16:38:52 | Computer Name = janusz | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-01 17:16:45 | Computer Name = janusz | Source = ISCT Agent | ID = 1003
Description =

Error - 2013-09-01 17:18:20 | Computer Name = janusz | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-01 17:29:44 | Computer Name = janusz | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Windows Search.

Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu:
%%1053

Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Windows Search.

Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu:
%%1053

Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Windows Search.

Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu:
%%1053

Error - 2013-09-01 16:38:12 | Computer Name = janusz | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Windows Search.

Error - 2013-09-01 16:38:12 | Computer Name = janusz | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu:
%%1053

Error - 2013-09-01 16:38:13 | Computer Name = janusz | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Windows Search.

Error - 2013-09-01 16:38:13 | Computer Name = janusz | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu:
%%1053


< End of report >

[/log]

 

 

GMER

 


[log]

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-01 23:40:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1001FALS-00E3A0 rev.05.01D05 931,51GB
Running: gosnor7i.exe; Driver: C:\Users\janek\AppData\Local\Temp\kwldypog.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76]
.text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76]
.text ... * 2
.text C:\Program Files (x86)\uTorrent\uTorrent.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76]
.text C:\Program Files (x86)\uTorrent\uTorrent.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_vsnwprintf] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateAcl] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaOpenPolicy] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaLookupNames2] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetAclInformation] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!OpenProcessToken] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegCloseKey] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetNamedSecurityInfoW] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!EqualSid] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaFreeMemory] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[USER32.dll!CopyImage] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[USER32.dll!LoadStringW] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[USER32.dll!GetDC] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateDIBSection] [43005c004d0045]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteDC] [65007200720075]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetBitmapBits] [6f00430074006e]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateCompatibleDC] [6f00720074006e]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!SelectObject] [7400650053006c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!BitBlt] [7200650053005c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetObjectW] [65006300690076]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteObject] [440052005c0073]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetTemporaryPropertyForItem] [7700740065004e]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetFolderPathAndSubDirW] [690076006f0072]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHChangeNotify] [65006d0061004e]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!StrCmpNIW] [100005306]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathFindExtensionW] [27c0000052f0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHRegGetValueW] [25b000002628]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHCreateStreamOnFileW] [2edc00001748]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathCombineW] [535100005345]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathRemoveFileSpecW] [536a00005360]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsNetworkPathW] [53930000537a]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathStripToRootW] [53ba000053a7]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathSkipRootW] [3000200010000]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathAppendW] [7264000b00090008]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHGetValueW] [6c6c642e766f7270]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsRootW] [6f43646441504e00]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsUNCW] [6e6f697463656e6e]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHStrDupW] [6f43646441504e00]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessHeap] [7600650044005c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!HeapFree] [5c006500630069]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DisableThreadLibraryCalls] [44007000640052]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryW] [5c00000072]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [640025]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FreeLibrary] [3b005c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetLastError] [3a]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CloseHandle] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!lstrlenW] [730074005c005c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LCMapStringW] [650069006c0063]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentThreadId] [74006e]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileAttributesW] [ffffffff000056f8]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateDirectoryW] [56ecffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindFirstFileW] [576800005000]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DeleteFileW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindNextFileW] [5070000056e0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindClose] [ffffffff000057c0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RemoveDirectoryW] [56b4ffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDiskFreeSpaceExW] [57e0000050c8]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTempFileNameW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MoveFileExW] [50e800005694]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetVolumeInformationW] [ffffffff000057f8]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDriveTypeW] [5670ffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MulDiv] [580800005100]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileSize] [511000005650]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RaiseException] [ffffffff00005820]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFilePointer] [583000005128]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WriteFile] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEndOfFile] [5138000055f8]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTickCount] [586000005158]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileAttributesW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnmapViewOfFile] [5168000055ac]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!Sleep] [ffffffff00005888]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!QueryPerformanceCounter] [5588ffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcessId] [589800005190]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!TerminateProcess] [51a000005564]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcess] [ffffffff000058b0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnhandledExceptionFilter] [5558ffffffff]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [51b8]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalAlloc] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DuplicateHandle] [0]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalFree] [642e4154534e4957]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetModuleHandleW] [2d49504100006c6c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SystemTimeToFileTime] [432d6e69572d534d]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!OpenProcess] [497379532d65726f]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessId] [312d314c2d6f666e]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateMutexW] [6c6c642e302d]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateEventW] [572d534d2d495041]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ReleaseMutex] [2d65726f432d6e69]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEvent] [2d656c69666f7250]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ResetEvent] [642e302d312d314c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileMappingW] [2d49504100006c6c]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MapViewOfFile] [432d6e69572d534d]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileInformationByHandleEx] [636f72502d65726f]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileInformationByHandle] [6165726854737365]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WaitForSingleObject] [2d312d314c2d7364]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemInfo] [6c6c642e30]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[PSAPI.DLL!QueryWorkingSetEx] [2d65726f432d6e69]
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[PROPSYS.dll!PropVariantToUInt64] [6c6c642e302d31]

---- EOF - GMER 2.1 ----

[/log]

Natsuki Kuga
commented

Are you using a proxy?

jaskowski
commented

Yes sir.

Natsuki Kuga
commented

In that case the logs are clean - you can use the [b]Sprzątanie[/b] (CleanUp) option in OTL.

That's all.

jaskowski
commented

Thanks for taking a look!
