jaskowski posted September 1, 2013 (edited)
OTL [log] OTL logfile created on: 2013-09-01 23:27:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\janek\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,96 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,38% Memory free 15,93 Gb Paging File | 13,73 Gb Available in Paging File | 86,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 360,48 Gb Total Space | 241,29 Gb Free Space | 66,94% Space Free | Partition Type: NTFS Drive D: | 571,03 Gb Total Space | 210,65 Gb Free Space | 36,89% Space Free | Partition Type: NTFS Drive F: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JANUSZ | User Name: janek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ========== PRC - [2013-09-01 23:25:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\janek\Downloads\OTL.exe PRC - [2013-08-17 10:16:24 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013-08-06 19:56:38 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2013-07-15 17:21:54 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe PRC - [2013-07-12 23:35:28 | 000,217,992 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-04-09 20:16:06 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2013-03-14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012-12-27 14:38:20 | 000,458,752 | ---- | M] (Stamina) -- C:\Konnekt\konnekt.exe PRC - [2012-12-05 20:15:37 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe PRC - [2012-09-19 09:45:40 | 000,505,872 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe PRC - [2012-09-19 09:45:35 | 000,374,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe PRC - [2012-09-19 09:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe PRC - [2012-09-19 09:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe PRC - [2012-09-19 09:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe PRC - [2012-09-12 09:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe PRC - [2012-02-21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2011-10-03 21:17:30 | 001,945,600 | ---- | M] () -- C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe PRC - [2005-11-08 22:02:44 | 000,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer) -- C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe PRC - [2000-01-01 02:00:00 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe========== Modules (No Company Name) ========== MOD - [2013-09-01 23:17:03 | 000,192,512 | ---- | M] () -- C:\Users\janek\AppData\Local\Temp\sfamcc00001.dll MOD - [2013-09-01 23:17:03 | 000,158,720 | ---- | M] () -- C:\Users\janek\AppData\Local\Temp\sfareca00001.dll MOD - [2013-08-17 10:16:24 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-08-06 19:56:38 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2013-08-06 19:56:38 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2013-08-06 19:56:38 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2013-07-15 17:21:54 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll MOD - [2012-12-12 21:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll MOD - [2011-10-03 21:17:30 | 001,945,600 | ---- | M] () -- C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe MOD - [2011-08-24 04:39:11 | 000,655,360 | 
---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd MOD - [2011-08-24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd MOD - [2011-08-24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd MOD - [2006-10-03 21:40:52 | 000,049,152 | ---- | M] () -- C:\Konnekt\plugins\kMigacz.dll MOD - [2005-09-18 16:06:14 | 000,049,152 | ---- | M] () -- C:\Konnekt\SMemory.dll MOD - [2005-09-15 12:54:41 | 000,069,632 | ---- | M] () -- C:\Konnekt\data\dll\libgaduw32.dll MOD - [2003-12-23 13:28:04 | 000,253,952 | ---- | M] () -- C:\Konnekt\data\dll\LuaPlus.dll MOD - [2003-04-11 03:01:04 | 000,159,744 | ---- | M] () -- C:\Konnekt\data\dll\ssleay32.dll MOD - [2003-04-11 03:00:32 | 000,839,680 | ---- | M] () -- C:\Konnekt\data\dll\libeay32.dll========== Services (SafeList) ========== SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012-02-09 17:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV:64bit: - [2012-02-02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-08-21 03:46:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-08-17 10:16:24 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-05-11 
12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-03-14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013-02-04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012-12-17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-09-19 09:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service) SRV - [2012-09-19 09:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service) SRV - [2012-09-19 09:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) 
[Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12) SRV - [2012-02-21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2000-01-01 02:00:00 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)========== Driver Services (SafeList) ========== DRV:64bit: - [2013-09-01 23:16:45 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013-07-01 17:09:10 | 000,032,320 | ---- | M] (FNet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2013-05-09 22:24:50 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013-01-02 21:00:27 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013-01-02 21:00:27 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012-12-05 20:15:37 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012-05-12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012-04-16 15:56:34 | 000,018,456 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs) DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- 
C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012-02-09 17:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012-02-09 17:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012-02-09 17:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2011-12-07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2011-11-10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011-04-20 04:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-02-08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011-02-08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008-04-19 05:31:00 | 001,065,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb) DRV:64bit: - [2000-01-01 02:00:00 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2000-01-01 02:00:00 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV - [2012-09-19 16:12:50 | 000,147,704 | ---- | M] (CyberLink Corp.) 
[2013/04/21 17:59:16] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6}) DRV - [2012-06-20 11:35:49 | 000,083,704 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12) DRV - [2010-01-29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..\SearchScopes\{438CC304-0487-4804-B9C2-D0285629C32F}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms} IE - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ========== FF - prefs.js..browser.search.order.1: "v9" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "https://www.google.pl/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..keyword.URL: "" FF - prefs.js..network.proxy.autoconfig_url: 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('.brightcove.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26
%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - 
HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-08-06 19:56:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012-12-05 22:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\Extensions [2013-09-01 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\Firefox\Profiles\ccbs7ewd.default\extensions [2013-08-29 18:06:41 | 000,377,144 | ---- | M] () (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\firefox\profiles\ccbs7ewd.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-09-01 18:06:46 | 000,015,315 | ---- | M] () (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\firefox\profiles\ccbs7ewd.default\extensions\p24ext@przelewy24.pl.xpi [2013-07-31 17:16:12 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\janek\AppData\Roaming\mozilla\firefox\profiles\ccbs7ewd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-17 10:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-08-17 10:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013-08-17 10:16:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012-12-16 19:46:28 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV 
Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [SteelSeries World of Warcraft(R) MMO Gaming Mouse Legendary Edition] C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe () O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000..\Run: [Konnekt] C:\Konnekt\konnekt.exe (Stamina) O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-95478261-1155690265-3867789506-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: SpeedFan = "C:\Program Files (x86)\SpeedFan\speedfan.exe" (Almico Software (www.almico.com)) O7 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-95478261-1155690265-3867789506-1000\..Trusted Domains: mks.com.pl ([www] https in Zaufane witryny) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1FB948-1C68-498B-AE68-89B667FDFC3A}: 
DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE08DCE3-3131-4976-AAAB-83B8F95BE684}: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1CDDC00-2617-4A47-A66F-4A0DFC618B9D}: DhcpNameServer = 62.179.1.62 62.179.1.63 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4dfd9da6-5505-11e2-a9f9-bc5ff465325b}\Shell - "" = AutoRun O33 - MountPoints2\{4dfd9da6-5505-11e2-a9f9-bc5ff465325b}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{537c4808-3f3e-11e2-ad73-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{537c4808-3f3e-11e2-ad73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (BootDefrag.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ========== [2013-09-01 23:21:07 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe [2013-09-01 23:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3 [2013-09-01 23:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3 [2013-09-01 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\janek\AppData\Local\calibre-cache [2013-09-01 22:28:26 | 000,000,000 | ---D | C] -- C:\Users\janek\Documents\Biblioteka calibre [2013-09-01 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\janek\AppData\Roaming\calibre [2013-09-01 22:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2013-09-01 22:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management [2013-09-01 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\janek\.android [2013-09-01 22:22:41 | 
000,000,000 | ---D | C] -- C:\Users\janek\Desktop\Drivers [2013-09-01 22:22:30 | 000,163,352 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsnet.sys [2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsnmea.sys [2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsmdm.sys [2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsdiagMDM.sys [2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsdiagAP.sys [2013-09-01 22:22:30 | 000,129,176 | ---- | C] (HS Incorporated) -- C:\Windows\SysNative\drivers\ghsat.sys [2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsvousb.sys [2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghstrace.sys [2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsnmea.sys [2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsmdm.sys [2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsdiagmdm.sys [2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsdiag.sys [2013-09-01 22:22:30 | 000,128,624 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zghsat.sys [2013-09-01 22:22:30 | 000,039,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zghsvcom.sys [2013-09-01 22:22:30 | 000,018,456 | ---- | C] (HandSet Incorporated) -- C:\Windows\SysNative\drivers\massfilter_hs.sys [2013-09-01 22:22:29 | 001,002,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll [2013-09-01 22:22:29 | 000,102,936 | ---- | C] (Google, inc) -- C:\Windows\AdbWinApi.dll [2013-09-01 22:22:29 | 000,067,608 | ---- | C] (Google, inc) 
-- C:\Windows\AdbWinUsbApi.dll [2013-09-01 22:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE Handset USB Driver [2013-08-24 12:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2013-08-24 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2013-08-24 12:38:46 | 000,000,000 | ---D | C] -- C:\Users\janek\Documents\Guild Wars 2 [2013-08-17 10:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-08-15 21:54:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013-08-15 21:54:08 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013-08-15 21:54:08 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013-08-15 21:54:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013-08-15 21:54:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013-08-15 21:54:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013-08-15 21:54:06 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013-08-15 21:54:06 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013-08-15 21:54:06 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013-08-15 21:54:06 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013-08-15 21:54:06 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013-08-15 21:54:06 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013-08-15 21:54:06 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013-08-15 21:54:06 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RtkCoLDR64.dll [2013-08-15 21:54:05 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013-08-15 21:54:05 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2013-08-15 21:54:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013-08-15 21:54:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013-08-15 21:54:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013-08-15 21:54:05 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013-08-15 21:54:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013-08-15 21:54:05 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2013-08-15 21:54:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013-08-15 21:54:05 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll [2013-08-15 21:54:05 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll [2013-08-15 21:54:04 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013-08-15 21:54:04 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013-08-15 21:54:04 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013-08-15 21:54:04 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2013-08-15 21:54:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013-08-15 21:54:04 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013-08-15 21:54:04 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013-08-15 21:45:27 | 000,428,136 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013-08-15 21:42:12 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013-08-15 21:42:12 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013-08-15 21:42:12 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013-08-15 21:42:12 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013-08-15 21:42:12 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013-08-15 21:42:12 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013-08-15 21:42:12 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013-08-15 21:42:12 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013-08-15 21:42:12 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013-08-15 21:42:12 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013-08-15 21:42:12 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013-08-15 21:42:12 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013-08-15 21:42:12 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013-08-15 21:42:12 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll [2013-08-15 21:42:12 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll [2013-08-15 21:42:12 | 000,968,408 
| ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013-08-15 21:42:12 | 000,420,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2013-08-15 21:42:12 | 000,364,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2013-08-15 21:42:12 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013-08-15 21:42:12 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013-08-15 21:42:12 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013-08-15 21:42:12 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013-08-15 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\janek\AppData\Local\SlimWare Utilities Inc [2013-08-15 21:33:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013-08-15 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers [2013-08-15 01:41:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-08-15 01:41:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-08-15 01:41:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-08-15 01:41:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-08-15 01:41:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-08-15 01:41:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-08-15 01:41:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-08-15 01:41:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-08-15 01:41:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-08-15 01:41:44 | 000,039,936 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-08-15 01:41:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-08-15 01:41:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-08-15 01:41:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-08-15 01:41:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-08-15 01:41:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-08-15 01:38:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013-08-14 23:35:43 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-08-14 23:35:43 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013-08-14 23:35:43 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-08-14 23:35:27 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013-08-14 23:35:27 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013-08-14 23:35:26 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013-08-14 23:35:24 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-08-14 23:35:24 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-08-14 23:35:24 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-08-14 23:35:24 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-08-14 23:35:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-08-14 23:35:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-08-14 23:35:23 | 000,014,336 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-08-14 23:35:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-08-14 23:35:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-08-14 23:35:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-08-13 15:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameforgeLive [2013-08-06 19:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013-08-04 11:54:47 | 000,000,000 | ---D | C] -- C:\Users\janek\Desktop\berendsen [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]========== Files - Modified Within 30 Days ========== [2013-09-01 23:23:51 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-09-01 23:23:51 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-09-01 23:22:43 | 001,663,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-09-01 23:22:43 | 000,737,942 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-09-01 23:22:43 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-09-01 23:22:43 | 000,154,630 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-09-01 23:22:43 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-09-01 23:21:09 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk [2013-09-01 23:21:03 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013-09-01 23:16:53 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-09-01 23:16:48 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013-09-01 23:16:45 | 
000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013-09-01 23:16:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-09-01 23:16:29 | 2118,979,583 | -HS- | M] () -- C:\hiberfil.sys [2013-09-01 22:46:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-09-01 22:40:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-09-01 22:28:16 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk [2013-09-01 22:23:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2013-08-24 12:39:51 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2013-08-21 03:46:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-08-21 03:46:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-08-20 11:21:52 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]========== Files Created - No Company Name ========== [2013-09-01 23:21:09 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk [2013-09-01 23:21:03 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013-09-01 23:21:01 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk [2013-09-01 22:28:16 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk [2013-09-01 22:23:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2013-09-01 22:22:29 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe [2013-08-24 12:39:51 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk 
[2013-08-15 21:54:05 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013-08-15 21:45:27 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2013-06-15 10:19:51 | 001,638,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-02-18 23:03:23 | 000,000,871 | ---- | C] () -- C:\Users\janek\AppData\Local\recently-used.xbel [2013-02-04 23:03:56 | 000,082,072 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe [2012-12-05 20:15:46 | 000,000,003 | ---- | C] () -- C:\Users\janek\AppData\Local\user_data.ini [2012-12-05 20:07:32 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL [2012-02-02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== LOP Check ========== [2013-06-13 07:08:13 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\0C908378-A0AE-47B2-AC7C-7D08A2A1D4C8 [2013-02-22 00:21:22 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Acronis [2013-03-20 23:44:53 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Audacity [2013-02-04 01:22:03 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Banamalon [2013-02-04 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\CAD-KAS [2013-09-01 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\calibre [2013-01-18 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Canneverbe Limited [2013-06-16 11:04:40 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\DAEMON Tools Lite [2012-12-05 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\DeviceVm [2013-09-01 23:11:49 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\foobar2000 [2012-12-05 22:24:09 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\GHISLER [2013-09-01 23:21:03 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\GlarySoft [2013-02-25 23:00:45 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\IObit [2013-04-11 21:41:04 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Mumble [2012-12-06 00:15:53 | 000,000,000 | 
---D | M] -- C:\Users\janek\AppData\Roaming\NapiProjekt [2012-12-24 03:21:38 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Notepad++ [2012-12-12 09:36:20 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Sports Interactive [2013-01-23 18:16:21 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\SteelSeries [2012-12-24 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Subversion [2013-07-03 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\TERA [2012-12-05 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\Thunderbird [2013-04-22 21:45:56 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\TS3Client [2013-09-01 23:29:06 | 000,000,000 | ---D | M] -- C:\Users\janek\AppData\Roaming\uTorrent========== Purity Check ========== < End of report > [/log] OTL EXTRAS [log] OTL Extras logfile created on: 2013-09-01 23:27:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\janek\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,96 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,38% Memory free 15,93 Gb Paging File | 13,73 Gb Available in Paging File | 86,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 360,48 Gb Total Space | 241,29 Gb Free Space | 66,94% Space Free | Partition Type: NTFS Drive D: | 571,03 Gb Total Space | 210,65 Gb Free Space | 36,89% Space Free | Partition Type: NTFS Drive F: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JANUSZ | User Name: janek | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E698147-AAF7-460A-A7B1-043EA86C74D8}" = dir=in | app=c:\users\janek\appdata\local\microsoft\skydrive\skydrive.exe |
"{13F339DC-E2B8-43E4-A8EB-3574BC104B8F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{17EDC058-5B0A-49F0-92AC-966A92518F34}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{18C5A20F-F7A6-4CC8-A431-8C2A1E252982}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | "{25AEA155-CAA0-43BC-81EA-655FE93BB28E}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{2B644E30-320C-4D5F-8A25-DA4227EDB82C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3A801D78-7184-443B-83F0-59DD50A67093}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{46079508-0805-4218-8479-36787E9219BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{645BD4B9-35AC-4EAA-9B8C-97F57A818B56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | "{9A3233DA-11AC-4A37-A2A0-188A19C28FA1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "{9C8C7D67-DFA3-44A2-AA9E-69B3588A3E79}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{A7C2C9B1-4DCD-45A0-96D0-74A0041D562C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{AE76A209-7C6E-4F8A-8597-49BF74814D1E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{C3DA7E0D-543B-4F7B-9C28-7AB7ED692354}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | "{DDF5198C-6DD7-4E41-95DE-42DC2808308E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{E2164D82-B41A-4EB2-BAE0-7C64CC1E6647}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{F7B312C5-5DF0-4166-B4BE-D45A591429BC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP 
Query User{5685760C-8200-4DE3-96F6-793D96BBD072}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{F987ACE3-052C-43A5-A72E-8C7AA69D341D}C:\konnekt\konnekt.exe" = protocol=6 | dir=in | app=c:\konnekt\konnekt.exe | "UDP Query User{8E4B0A1D-61D3-49FA-9B6E-ADE59089EF8F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{B058C2DE-43CD-4FBC-819A-C3E81BFD72CE}C:\konnekt\konnekt.exe" = protocol=17 | dir=in | app=c:\konnekt\konnekt.exe |========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{12ABC13D-6540-483D-92B9-30CE1667B002}" = Intel(R) Smart Connect Technology 2.0 x64 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6B13A3F1-F66A-42FB-9E62-98952D582187}" = TortoiseSVN 1.7.11.23600 (64 bit) "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver "{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB}" = calibre 64bit "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0F7DD176693D493C7502506ABE5F948A4C14EA2E" = Pakiet sterowników systemu Windows - SteelSeries (HidUsb) HIDClass (06/09/2010 1.0.2.0) "ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6 "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0 "Defraggler" = Defraggler "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client 
"Totalcmd64" = Total Commander 64-bit (Remove or Repair) "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.4 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6D8FB164-2A7D-43B2-A59E-E16BF568ACB0}" = Honorbuddy "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared 
MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA909E80-DC40-4AF0-A693-376F9F1C8582}" = World of Warcraft(R) MMO Gaming Mouse: Legendary Edition "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) 
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0.3 "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "FastStone Image Viewer" = FastStone Image Viewer 4.6 "foobar2000" = foobar2000 v1.1.18 "Glary Utilities 3" = Glary Utilities 3.9 "Glary Utilities_is1" = Glary Utilities 2.51.0.1666 "Guild Wars 2" = Guild Wars 2 "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "Konnekt" = Konnekt "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Mozilla Firefox 23.0.1 (x86 pl)" = Mozilla Firefox 23.0.1 (x86 pl) "Mozilla Thunderbird 17.0.8 (x86 pl)" = Mozilla Thunderbird 17.0.8 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt (2.1.0.2287) "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OCCT" = OCCT 4.3.2 "OpenAL" = OpenAL "SpeedFan" = SpeedFan (remove only) "Steam App 10" = Counter-Strike "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "Thunderbird-Tray" = Thunderbird-Tray "UltraISO_is1" = UltraISO Premium V9.53 "Update Engine" = Sony Ericsson Update Engine "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.6 "World of Warcraft" = World of Warcraft "XFastUSB" = XFastUSB========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-95478261-1155690265-3867789506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17c3ec1c-d814-4d83-ac88-062376366583}" = Honorbuddy "BankBrowser" = BankBrowser "SkyDriveSetup.exe" = Microsoft SkyDrive========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-95478261-1155690265-3867789506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-09-01 16:37:40 | Computer Name = janusz | Source = Windows Search Service | ID = 9002 Description = Error - 2013-09-01 16:37:40 | Computer Name = janusz | Source = Windows Search Service | ID = 3029 Description = Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 3029 Description = Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 3028 Description = Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 3058 Description = Error - 2013-09-01 16:37:43 | Computer Name = janusz | Source = Windows Search Service | ID = 7010 Description = Error - 2013-09-01 16:38:52 | Computer Name = janusz | Source = WinMgmt | ID = 10 Description = Error - 2013-09-01 17:16:45 | Computer Name = janusz | Source = ISCT Agent | ID = 1003 Description = Error - 2013-09-01 17:18:20 | Computer Name = janusz | Source = WinMgmt | ID = 10 Description = Error - 2013-09-01 17:29:44 | Computer Name = janusz | Source = VSS | ID = 8194 
Description = [ System Events ] Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search. Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu: %%1053 Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search. Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu: %%1053 Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search. Error - 2013-09-01 16:38:05 | Computer Name = janusz | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu: %%1053 Error - 2013-09-01 16:38:12 | Computer Name = janusz | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search. Error - 2013-09-01 16:38:12 | Computer Name = janusz | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu: %%1053 Error - 2013-09-01 16:38:13 | Computer Name = janusz | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search. 
Error - 2013-09-01 16:38:13 | Computer Name = janusz | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Windows Search z powodu następującego błędu: %%1053 < End of report > [/log] GMER [log] GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-01 23:40:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1001FALS-00E3A0 rev.05.01D05 931,51GB Running: gosnor7i.exe; Driver: C:\Users\janek\AppData\Local\Temp\kwldypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76] .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76] .text ... * 2 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76] .text ... 
* 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_vsnwprintf] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateAcl] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaOpenPolicy] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaLookupNames2] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetAclInformation] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!OpenProcessToken] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegCloseKey] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetNamedSecurityInfoW] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!EqualSid] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaFreeMemory] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[USER32.dll!CopyImage] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[USER32.dll!LoadStringW] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[USER32.dll!GetDC] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateDIBSection] [43005c004d0045] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteDC] [65007200720075] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetBitmapBits] [6f00430074006e] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateCompatibleDC] [6f00720074006e] IAT C:\Windows\Explorer.EXE[1480] @ 
C:\Windows\system32\thumbcache.dll[GDI32.dll!SelectObject] [7400650053006c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!BitBlt] [7200650053005c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetObjectW] [65006300690076] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteObject] [440052005c0073] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetTemporaryPropertyForItem] [7700740065004e] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetFolderPathAndSubDirW] [690076006f0072] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHChangeNotify] [65006d0061004e] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!StrCmpNIW] [100005306] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathFindExtensionW] [27c0000052f0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHRegGetValueW] [25b000002628] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHCreateStreamOnFileW] [2edc00001748] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathCombineW] [535100005345] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathRemoveFileSpecW] [536a00005360] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsNetworkPathW] [53930000537a] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathStripToRootW] [53ba000053a7] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathSkipRootW] [3000200010000] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathAppendW] [7264000b00090008] IAT C:\Windows\Explorer.EXE[1480] @ 
C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHGetValueW] [6c6c642e766f7270] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsRootW] [6f43646441504e00] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsUNCW] [6e6f697463656e6e] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHStrDupW] [6f43646441504e00] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessHeap] [7600650044005c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!HeapFree] [5c006500630069] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DisableThreadLibraryCalls] [44007000640052] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryW] [5c00000072] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [640025] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FreeLibrary] [3b005c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetLastError] [3a] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CloseHandle] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!lstrlenW] [730074005c005c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LCMapStringW] [650069006c0063] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentThreadId] [74006e] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileAttributesW] [ffffffff000056f8] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateDirectoryW] [56ecffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindFirstFileW] 
[576800005000] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DeleteFileW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindNextFileW] [5070000056e0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindClose] [ffffffff000057c0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RemoveDirectoryW] [56b4ffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDiskFreeSpaceExW] [57e0000050c8] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTempFileNameW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MoveFileExW] [50e800005694] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetVolumeInformationW] [ffffffff000057f8] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDriveTypeW] [5670ffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MulDiv] [580800005100] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileSize] [511000005650] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RaiseException] [ffffffff00005820] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFilePointer] [583000005128] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WriteFile] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEndOfFile] [5138000055f8] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTickCount] [586000005158] IAT 
C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileAttributesW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnmapViewOfFile] [5168000055ac] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!Sleep] [ffffffff00005888] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!QueryPerformanceCounter] [5588ffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcessId] [589800005190] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!TerminateProcess] [51a000005564] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcess] [ffffffff000058b0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnhandledExceptionFilter] [5558ffffffff] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [51b8] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalAlloc] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DuplicateHandle] [0] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalFree] [642e4154534e4957] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetModuleHandleW] [2d49504100006c6c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SystemTimeToFileTime] [432d6e69572d534d] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!OpenProcess] [497379532d65726f] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessId] [312d314c2d6f666e] 
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateMutexW] [6c6c642e302d] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateEventW] [572d534d2d495041] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ReleaseMutex] [2d65726f432d6e69] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEvent] [2d656c69666f7250] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ResetEvent] [642e302d312d314c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileMappingW] [2d49504100006c6c] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MapViewOfFile] [432d6e69572d534d] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileInformationByHandleEx] [636f72502d65726f] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileInformationByHandle] [6165726854737365] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WaitForSingleObject] [2d312d314c2d7364] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemInfo] [6c6c642e30] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[PSAPI.DLL!QueryWorkingSetEx] [2d65726f432d6e69] IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\system32\thumbcache.dll[PROPSYS.dll!PropVariantToUInt64] [6c6c642e302d31] ---- EOF - GMER 2.1 ---- [/log]
Natsuki Kuga commented 5 September 2013 In that case the logs are clean - you can use the [b]Sprzątanie[/b] (CleanUp) option in OTL. That's all.