azuro, posted 17 February 2014 (edited)

Hello,

The problem is removing Sweet Page from Firefox. After reading several articles and following their advice, I decided to ask you for help, because unfortunately I have not solved the problem. In the program uninstall window I did not find a "WPM17.8.0.3297" entry, so there was nothing to uninstall. AdwCleaner did not find anything either, and yet this junk pops up every time I click a new tab in Firefox.

OTL log:

[log]OTL Extras logfile created on: 2014-02-17 17:40:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\standard\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,23% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,81 Gb Total Space | 27,07 Gb Free Space | 54,36% Space Free | Partition Type: NTFS
Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3719904406-483639650-1118833482-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16062785-C998-489A-9C89-3A8BF4C86EC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{4AB9AAED-4905-47FC-A14E-89BEA45CFB67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{54A34155-4B2F-4F86-9C92-3CE35BB47B4B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{5C9B150F-643A-4470-8FBA-34E5EEB71336}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{6850025F-12F1-4E50-9012-C2911DA173DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{AC2681AC-1530-4E2A-9638-51472CBAE620}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{AF8E989B-FBF9-49B9-AB6C-F3DC383D7548}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{CA7950BC-4E07-4733-A75B-2FCC419E1E6C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{34371C5D-866E-462F-896A-BA75EC0EEDAE}" = AVG 2014 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C6CCDAE-C2BF-473B-BB1F-2D1DCC5B98A4}" = AVG 2014 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "AVG" = AVG 2014 "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "LManager" = Launch Manager "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 27.0.1 (x86 pl)" = Mozilla Firefox 27.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "ShockwaveFlash" = Adobe Flash Player 9 ActiveX ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2014-02-16 17:38:21 | Computer Name = Azuro-zone | Source = VSS | ID = 8194 Description = Error - 2014-02-16 17:38:54 | Computer Name = Azuro-zone | Source = VSS | ID = 8194 Description = Error - 2014-02-16 18:14:07 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-17 03:32:02 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-17 03:53:38 | Computer Name = Azuro-zone | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mmc.exe, wersja 6.0.6000.16386, sygnatura czasowa 0x4549af41, moduł powodujący błąd ntdll.dll, wersja 6.0.6000.16386, sygnatura czasowa 0x4549bdc9, kod wyjątku 0xc0000374, przesunięcie błędu 0x000af1c9, identyfikator procesu 0xd94, godzina rozpoczęcia aplikacji 0x01cf2bb4e35cd91c. Error - 2014-02-17 04:53:40 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-17 05:10:00 | Computer Name = Azuro-zone | Source = Application Hang | ID = 1002 Description = Program firefox.exe w wersji 27.0.1.5156 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. 
Identyfikator procesu: 8fc Godzina rozpoczęcia: 01cf2bbf51deebe1 Godzina zakończenia: 15 Error - 2014-02-17 10:12:25 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-17 10:23:05 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-17 12:26:04 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-17 10:17:28 | Computer Name = Azuro-zone | Source = Service Control Manager | ID = 7000 Description = Error - 2014-02-17 12:20:18 | Computer Name = Azuro-zone | Source = Service Control Manager | ID = 7000 Description = < End of report > [/log] [log]OTL logfile created on: 2014-02-17 17:40:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\standard\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16473) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical 
Memory | 1,90 Gb Available Physical Memory | 63,23% Memory free 6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,81 Gb Total Space | 27,07 Gb Free Space | 54,36% Space Free | Partition Type: NTFS Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014-02-17 17:39:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\standard\Desktop\OTL.exe PRC - [2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2014-02-17 10:04:47 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe PRC - [2014-02-17 08:40:19 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\standard\AppData\Local\Temp\RtkBtMnt.exe PRC - [2014-02-13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe PRC - [2014-01-22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe PRC - [2013-12-05 12:48:12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe PRC - [2013-11-25 22:03:56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe PRC - [2013-11-25 22:00:24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2014\avgnsx.exe PRC - [2013-11-13 22:03:10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe PRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe PRC - [2007-07-06 04:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-06-27 10:15:34 | 000,752,136 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (No Company Name) ========== MOD - [2014-02-17 10:04:47 | 016,287,624 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_44.dll MOD - [2014-02-13 01:36:39 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - [2014-02-13 01:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2007-08-16 13:04:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013-11-25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013-11-25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013-11-25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx) DRV - [2013-10-31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013-10-31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2013-10-01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013-09-10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2013-08-01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2007-07-25 16:39:00 | 007,604,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007-06-18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007-06-14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007-04-29 23:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007-03-21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007-03-07 09:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-01-30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data] IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-02-17 15:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014-02-17 15:37:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O3 - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3719904406-483639650-1118833482-1000..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12DCCF69-FB1B-4F5C-8955-7A920FD589F3}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014-02-17 17:13:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup 
[2014-02-17 15:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2014-02-17 15:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014-02-17 13:45:50 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2014-02-17 13:45:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2014-02-17 13:45:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2014-02-17 13:45:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2014-02-17 13:45:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2014-02-17 13:45:24 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll [2014-02-17 13:45:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll [2014-02-17 13:44:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2014-02-17 13:44:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2014-02-17 13:44:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2014-02-17 13:44:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2014-02-17 13:44:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2014-02-17 13:44:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2014-02-17 13:44:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2014-02-17 13:44:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2014-02-17 13:43:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2014-02-17 13:43:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll [2014-02-17 13:43:26 | 
000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll [2014-02-17 13:43:25 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2014-02-17 13:43:25 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2014-02-17 13:42:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2014-02-17 13:42:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2014-02-17 13:41:31 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2014-02-17 13:41:31 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2014-02-17 13:41:31 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2014-02-17 13:41:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2014-02-17 13:41:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2014-02-17 13:41:30 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2014-02-17 13:40:59 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2014-02-17 13:40:59 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2014-02-17 13:38:34 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2014-02-17 13:38:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2014-02-17 13:37:44 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2014-02-17 13:37:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2014-02-17 13:37:16 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2014-02-17 13:34:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll 
[2014-02-17 13:33:36 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2014-02-17 13:32:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe [2014-02-17 13:31:26 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2014-02-17 13:31:26 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2014-02-17 13:31:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe [2014-02-17 13:31:25 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2014-02-17 13:31:25 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2014-02-17 13:31:25 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2014-02-17 13:31:25 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2014-02-17 13:31:24 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2014-02-17 13:31:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll [2014-02-17 13:31:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe [2014-02-17 13:31:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2014-02-17 13:31:22 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll [2014-02-17 13:31:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe [2014-02-17 13:31:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe [2014-02-17 13:31:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll [2014-02-17 13:31:20 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2014-02-17 13:31:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\dispci.dll [2014-02-17 13:31:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll [2014-02-17 13:31:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll [2014-02-17 13:31:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106.dll [2014-02-17 13:30:36 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2014-02-17 13:30:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2014-02-17 13:30:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2014-02-17 13:30:34 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2014-02-17 13:30:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2014-02-17 13:30:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2014-02-17 13:30:17 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2014-02-17 13:30:17 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2014-02-17 13:29:51 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2014-02-17 13:29:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2014-02-17 13:29:51 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2014-02-17 13:29:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL [2014-02-17 13:29:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL [2014-02-17 13:29:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll [2014-02-17 13:29:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\amxread.dll [2014-02-17 13:29:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2014-02-17 13:29:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2014-02-17 13:29:00 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014-02-17 13:28:51 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2014-02-17 13:28:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll [2014-02-17 13:28:39 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2014-02-17 13:28:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2014-02-17 13:28:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2014-02-17 13:28:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2014-02-17 13:28:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2014-02-17 13:28:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2014-02-17 13:28:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe [2014-02-17 13:27:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2014-02-17 13:27:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2014-02-17 13:27:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2014-02-17 13:27:13 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll [2014-02-17 13:26:37 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2014-02-17 13:26:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2014-02-17 13:26:15 | 001,327,616 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2014-02-17 13:26:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2014-02-17 13:26:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2014-02-17 13:25:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2014-02-17 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2014-02-17 10:50:18 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\AVG2014 [2014-02-17 10:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2014-02-17 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software [2014-02-17 10:49:12 | 000,000,000 | -H-D | C] -- C:\$AVG [2014-02-17 10:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2014-02-17 10:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2014-02-17 10:45:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\MFAData [2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Avg2014 [2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Macromedia [2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Adobe [2014-02-17 10:04:47 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014-02-17 10:04:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014-02-17 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Adobe [2014-02-17 09:34:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2014-02-17 09:34:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll 
[2014-02-17 09:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2014-02-17 09:17:14 | 000,231,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2014-02-17 09:06:16 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Mozilla [2014-02-17 09:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2014-02-17 06:40:10 | 016,437,832 | ---- | C] (Macrovision Corporation) -- C:\Windows\eRy.exe [2014-02-17 06:40:03 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll [2014-02-17 06:40:03 | 000,100,358 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll [2014-02-17 06:40:01 | 000,154,624 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys [2014-02-17 06:39:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\devcon.exe [2014-02-16 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Seven Zip [2014-02-16 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PowerCinema [2014-02-16 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PlayMovie [2014-02-16 22:05:03 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe [2014-02-16 22:05:03 | 000,327,680 | ---- | C] (Acer Inc.) 
-- C:\Windows\System32\Remove_eRecovery.exe [2014-02-16 22:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K [2014-02-16 22:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Matrix Storage Manager [2014-02-16 22:02:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU [2014-02-16 22:01:06 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2014-02-16 21:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager [2014-02-16 21:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager [2014-02-16 21:59:19 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData\Local\acer eNM [2014-02-16 21:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2014-02-16 21:58:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Searches [2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2014-02-16 21:58:44 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Identities [2014-02-16 21:58:41 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Contacts [2014-02-16 21:58:19 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\VirtualStore [2014-02-16 21:57:32 | 040,368,034 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\acer.exe [2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Macromedia [2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc [2014-02-16 21:57:25 | 000,000,000 | ---D | C] -- C:\Windows\ACER [2014-02-16 21:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! 
[2014-02-16 21:57:02 | 000,000,000 | --SD | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Videos [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Saved Games [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Links [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Downloads [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Documents [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Desktop [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Ustawienia lokalne [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Temporary Internet Files [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Szablony [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\SendTo [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Recent [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\PrintHood [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\NetHood [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje wideo [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje obrazy [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Moje dokumenty [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moja muzyka [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Menu Start [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Historia [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Dane aplikacji [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- 
C:\Users\Azuro\AppData\Local\Dane aplikacji [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Cookies [2014-02-16 21:57:02 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData [2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Temp [2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Microsoft [2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Media Center Programs [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2014-02-16 20:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2014-02-16 20:46:17 | 000,053,248 | ---- | C] (Bison Inc.) -- C:\Windows\BR040286.exe [2014-02-16 20:45:40 | 000,126,976 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\imsmudlg.exe [2014-02-16 20:44:56 | 001,073,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll [2014-02-16 20:44:55 | 000,753,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe [2014-02-16 20:44:55 | 000,413,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl [2014-02-16 20:44:55 | 000,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll [2014-01-19 21:46:54 | 000,022,808 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avgidsshimx.sys

========== Files - Modified Within 30 Days ==========

[2014-02-17 17:26:05 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-02-17 17:26:05 | 000,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-02-17 17:26:05 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-02-17 17:26:05 | 000,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-02-17 17:19:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014-02-17 17:19:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014-02-17 17:19:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-02-17 17:19:03 | 3219,111,936 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-17 15:31:25 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001
[2014-02-17 15:11:35 | 000,292,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-02-17 13:45:50 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014-02-17 13:45:50 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014-02-17 13:45:50 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014-02-17 13:45:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014-02-17 13:45:50 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014-02-17 13:45:24 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2014-02-17 13:45:24 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014-02-17 13:44:30 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014-02-17 13:44:30 | 000,015,360 | ---- | M] (Microsoft Corporation)
-- C:\Windows\System32\netevent.dll [2014-02-17 13:44:30 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2014-02-17 13:44:30 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2014-02-17 13:44:30 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2014-02-17 13:44:29 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2014-02-17 13:44:29 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2014-02-17 13:44:29 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2014-02-17 13:43:26 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf [2014-02-17 13:43:26 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2014-02-17 13:43:26 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2014-02-17 13:43:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll [2014-02-17 13:43:26 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll [2014-02-17 13:43:25 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2014-02-17 13:42:54 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2014-02-17 13:42:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2014-02-17 13:41:31 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2014-02-17 13:41:31 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2014-02-17 13:41:31 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2014-02-17 13:41:31 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2014-02-17 13:41:31 | 000,002,048 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\mferror.dll [2014-02-17 13:41:30 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2014-02-17 13:40:59 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2014-02-17 13:40:59 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2014-02-17 13:38:34 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2014-02-17 13:38:34 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2014-02-17 13:37:44 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2014-02-17 13:37:44 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2014-02-17 13:37:16 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2014-02-17 13:34:17 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2014-02-17 13:32:39 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe [2014-02-17 13:31:50 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\i8042prt.sys.mui [2014-02-17 13:31:50 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\sermouse.sys.mui [2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouclass.sys.mui [2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdclass.sys.mui [2014-02-17 13:31:50 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouhid.sys.mui [2014-02-17 13:31:50 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdhid.sys.mui [2014-02-17 13:31:26 | 000,371,712 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\srcore.dll [2014-02-17 13:31:26 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2014-02-17 13:31:26 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe [2014-02-17 13:31:25 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2014-02-17 13:31:25 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2014-02-17 13:31:25 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2014-02-17 13:31:25 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2014-02-17 13:31:24 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2014-02-17 13:31:23 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll [2014-02-17 13:31:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe [2014-02-17 13:31:23 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2014-02-17 13:31:22 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll [2014-02-17 13:31:22 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe [2014-02-17 13:31:22 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe [2014-02-17 13:31:22 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll [2014-02-17 13:31:20 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2014-02-17 13:31:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll [2014-02-17 13:31:20 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll [2014-02-17 13:31:20 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll [2014-02-17 13:31:19 | 000,006,656 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\kbd106.dll [2014-02-17 13:30:36 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2014-02-17 13:30:36 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2014-02-17 13:30:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2014-02-17 13:30:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2014-02-17 13:30:34 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2014-02-17 13:30:34 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2014-02-17 13:30:17 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2014-02-17 13:30:17 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2014-02-17 13:29:51 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2014-02-17 13:29:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2014-02-17 13:29:51 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2014-02-17 13:29:36 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL [2014-02-17 13:29:36 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL [2014-02-17 13:29:36 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll [2014-02-17 13:29:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2014-02-17 13:29:24 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2014-02-17 13:29:10 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2014-02-17 13:29:01 | 002,031,104 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014-02-17 13:28:51 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2014-02-17 13:28:51 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll [2014-02-17 13:28:39 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2014-02-17 13:28:38 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2014-02-17 13:28:36 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2014-02-17 13:28:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2014-02-17 13:28:34 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2014-02-17 13:28:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe [2014-02-17 13:27:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2014-02-17 13:27:33 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2014-02-17 13:27:33 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2014-02-17 13:27:13 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll [2014-02-17 13:26:37 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2014-02-17 13:26:30 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2014-02-17 13:26:14 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2014-02-17 13:26:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2014-02-17 13:25:41 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2014-02-17 10:04:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe 
[2014-02-17 10:04:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014-02-17 09:34:57 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2014-02-17 09:34:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2014-02-17 08:58:13 | 000,005,120 | ---- | M] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014-02-17 08:54:26 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat [2014-02-17 06:40:12 | 000,000,003 | ---- | M] () -- C:\Windows\AFirst.cmd [2014-02-16 22:09:20 | 000,000,115 | ---- | M] () -- C:\Windows\Alaunch.ini [2014-02-16 22:04:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf [2014-02-16 22:00:03 | 000,000,000 | ---- | M] () -- C:\Windows\SETUP.INI [2014-02-16 21:59:38 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI [2014-02-16 21:57:09 | 000,001,550 | ---- | M] () -- C:\Windows\CLEANUP.CMD [2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avgidsshimx.sys

========== Files Created - No Company Name ==========

[2014-02-17 15:37:05 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-02-17 13:43:26 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014-02-17 08:58:10 | 000,005,120 | ---- | C] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-02-17 08:31:17 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001
[2014-02-17 06:40:12 | 000,000,003 | ---- | C] () -- C:\Windows\AFirst.cmd
[2014-02-17 06:39:55 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2014-02-17 06:39:47 | 000,000,336 | ---- | C] () -- C:\Windows\ACERTOURREMINDERRUN.REG
[2014-02-17 06:39:32 | 000,001,550 | ---- | C] () -- C:\Windows\CLEANUP.CMD
[2014-02-17 06:39:32 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2014-02-17 06:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\System32\$Acer$.cmd
[2014-02-16 23:27:48 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat
[2014-02-16 22:05:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2014-02-16 22:05:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2014-02-16 22:05:03 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
[2014-02-16 22:04:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2014-02-16 22:00:03 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP.INI
[2014-02-16 21:59:38 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2014-02-16 21:58:52 | 000,000,913 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014-02-16 21:58:51 | 000,000,908 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014-02-16 21:58:41 | 000,000,879 | ---- | C] () --
C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2014-02-16 21:57:42 | 083,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr
[2014-02-16 20:48:27 | 3219,111,936 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-02-17 13:34:48 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014-02-17 13:30:35 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014-02-17 10:50:18 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\AVG2014
[2014-02-17 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software
[2014-02-17 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\standard\AppData\Roaming\AVG2014
[2014-02-17 15:22:44 | 000,000,000 | ---D | M] -- C:\Users\standard\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >
[/log]

GMER log

[log]GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-17 18:35:33
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL05 149,05GB
Running: trv2ecye.exe; Driver:
C:\Users\Azuro\AppData\Local\Temp\fwdyraob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8CD896E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8CD89800]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8CD89010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8CD894D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8CD89300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8CD893E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8CD89120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8CD89210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8CD895E0]

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E8BF380, 0x356B08, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3012] kernel32.dll!ActivateActCtx + 2C 75BA7379 7 Bytes JMP 684A049D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3012] kernel32.dll!VirtualQuery + 24 75BAD172 7 Bytes JMP 680B5A06 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3012] kernel32.dll!VirtualAllocEx + 54 75BC9BC5 7 Bytes JMP 684A0455 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3012] GDI32.dll!SetTextAlign + E6 75C67EEF 7 Bytes JMP 684A04C4 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateFile + 6 77D0F41A 4 Bytes [28, E0, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateFile + B 77D0F41F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateKey + 6
77D0F45A 4 Bytes [68, E1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateKey + B 77D0F45F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateMutant + 6 77D0F48A 4 Bytes [28, E2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateMutant + B 77D0F48F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateSection + 6 77D0F50A 4 Bytes [68, E2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateSection + B 77D0F50F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtMapViewOfSection + 6 77D0FB6A 4 Bytes [A8, E4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtMapViewOfSection + B 77D0FB6F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenFile + 6 77D0FBFA 4 Bytes [68, E0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenFile + B 77D0FBFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenKey + 6 77D0FC2A 4 Bytes [A8, E1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenKey + B 77D0FC2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenMutant + 6 77D0FC4A 4 Bytes CALL 76D10330 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenMutant + B 77D0FC4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcess + 6 77D0FC7A 4 Bytes [28, E3, 06, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcess + B 77D0FC7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessToken + 6 77D0FC8A 4 Bytes [68, E3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessToken + B 77D0FC8F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessTokenEx + 6 77D0FC9A 4 Bytes [28, E4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessTokenEx + B 77D0FC9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenSection + 6 77D0FCAA 4 Bytes [A8, E2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenSection + B 77D0FCAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThread + 6 77D0FCEA 4 Bytes CALL 76D103D1 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThread + B 77D0FCEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadToken + 6 77D0FCFA 4 Bytes CALL 76D103E2 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadToken + B 77D0FCFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadTokenEx + 6 77D0FD0A 4 Bytes [68, E4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadTokenEx + B 77D0FD0F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryAttributesFile + 6 77D0FD9A 4 Bytes [A8, E0, 06, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryAttributesFile + B 77D0FD9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryFullAttributesFile + 6 77D0FE4A 4 Bytes CALL 76D1052F C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryFullAttributesFile + B 77D0FE4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationFile + 6 77D1036A 4 Bytes [28, E1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationFile + B 77D1036F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationThread + 6 77D103BA 4 Bytes [A8, E3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationThread + B 77D103BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtUnmapViewOfSection + 6 77D1065A 4 Bytes CALL 76D10D43 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtUnmapViewOfSection + B 77D1065F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!CreateProcessW 75B81D27 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!CreateProcessA 75B81D5C 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!OpenEventW 75BA4CB8 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!CreateEventW 75BA9146 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!DeleteObject 75C65A1F 5 Bytes JMP 
000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetDeviceCaps 75C65EA6 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SelectObject 75C65FC0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetBkMode 75C66390 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetTextColor 75C664BF 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetStretchBltMode 75C66624 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!DeleteDC 75C669A5 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StretchDIBits 75C66F0F 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextMetricsW 75C6720B 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetCurrentObject 75C67419 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!RestoreDC 75C674AA 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SaveDC 75C67557 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextAlign 75C67A93 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtSelectClipRgn 75C67AE2 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SelectClipRgn 75C67BED 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetTextAlign 75C67E09 5 Bytes JMP 000B09F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!IntersectClipRect 75C682B4 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetICMMode 75C688BB 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtTextOutW 75C689EC 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!MoveToEx 75C68E09 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!Rectangle 75C690CA 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetClipBox 75C6989D 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextFaceW 75C6A788 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextExtentPoint32W 75C6ABB5 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateDCA 75C6BCD9 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateDCW 75C6BE99 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateICW 75C6BEDD 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetFontData 75C6C6E3 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetWorldTransform 75C6CC0A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextMetricsA 75C6D201 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!LineTo 75C70984 5 Bytes JMP 000B0430 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtTextOutA 75C710E8 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextExtentPoint32A 75C711A7 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtEscape 75C7544B 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!EndPage 75C770FC 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetMiterLimit 75C798D2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ResetDCW 75C7F929 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextFaceA 75C7FE74 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetPolyFillMode 75C7FF50 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetGlyphOutlineW 75C7FFEF 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!Escape 75C80181 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateScalableFontResourceW 75C8D8CD 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!AddFontResourceW 75C8DB8E 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!RemoveFontResourceW 75C8DE3B 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!AbortDoc 75C92F0C 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!EndDoc 75C9325D 5 Bytes JMP 000B01F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StartPage 75C93348 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StartDocW 75C93DBB 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!BeginPath 75C94575 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SelectClipPath 75C945CC 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CloseFigure 75C94627 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!EndPath 75C9467E 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StrokePath 75C948B0 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!FillPath 75C9493C 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!PolylineTo 75C94DA5 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!PolyBezierTo 75C94E35 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!PolyDraw 75C94EE6 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetTopWindow 76C67BC1 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!CountClipboardFormats 76C6BEAE 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!RegisterClipboardFormatW 76C6F811 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!ActivateKeyboardLayout 76C7A9FF 5 Bytes JMP 000C04F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!RegisterClipboardFormatA 76C7AEC3 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardFormatNameA 76C7B1C6 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClientRect 76C7B396 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!MonitorFromWindow 76C7B4F8 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!ScreenToClient 76C7C1D8 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetParent 76C82E91 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!IsWindowVisible 76C83429 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!MapWindowPoints 76C834B0 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetCursor 76C8380D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!PostMessageW 76C83915 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetCursorPos 76C84EDD 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardViewer 76C84F52 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardData 76C8589C 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!EmptyClipboard 76C859B8 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] 
USER32.dll!EnumClipboardFormats 76C859CA 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetClipboardViewer 76C91CE7 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetOpenClipboardWindow 76C91D02 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!ChangeClipboardChain 76C9BABA 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!CloseClipboard 76C9CA35 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!OpenClipboard 76C9CA47 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!IsClipboardFormatAvailable 76C9CAC8 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardSequenceNumber 76C9CADC 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardOwner 76C9CB0E 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetClipboardData 76CB116B 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardFormatNameW 76CB46EF 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetPriorityClipboardFormat 76CC555B 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!FreeContextBuffer 7589243F 5 Bytes JMP 000E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!DeleteSecurityContext 758925C7 5 Bytes JMP 000E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] 
Secur32.dll!FreeCredentialsHandle 75892AD9 5 Bytes JMP 000E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!QueryContextAttributesA 758961FF 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!InitializeSecurityContextA 75896282 5 Bytes JMP 000E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!AcquireCredentialsHandleA 758963CE 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!EncryptMessage 75898A63 5 Bytes JMP 000E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!DecryptMessage 75898B31 5 Bytes JMP 000E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!ApplyControlToken 7589DE58 5 Bytes JMP 000E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!QueryCredentialsAttributesA 7589DFD3 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ole32.dll!OleGetClipboard 76FDBDB6 5 Bytes JMP 000F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ole32.dll!OleSetClipboard 77000F64 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ole32.dll!OleIsCurrentClipboard 7700B185 5 Bytes JMP 000F0070 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!PaintMonitor + 94 76C6B20C 7 Bytes JMP 683F76A0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!GetWindowInfo 76C700DB 5 Bytes JMP 683FB2EA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!DefWindowProcW + 6B5 76C82445 7 Bytes JMP 683F7711 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program 
Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!SetMenuItemBitmaps + 3E 76C8CFF3 7 Bytes JMP 683F4E6D C:\Program Files\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73EEFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EBB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73EAA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73EACBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73EA8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73EBCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73EA7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73EA7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73EA6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F3C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73EC7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73EA90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EB2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EB21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EB7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EB7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll IAT C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73EE83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys 
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 83F80020 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- [/log]
Will you help?
azuro (author) commented 17 February 2014 (edited)
"You used AdwCleaner, so post its reports."
[log]# AdwCleaner v3.019 - Log utworzony 17/02/2014 o 22:35:35 # Aktualizacja 17/02/2014 przez Xplode # System operacyjny : Windows Vista (TM) Home Premium (32 bits) # Użytkownik : Azuro - AZURO-ZONE # Ścieżka : C:\Users\standard\Desktop\adwcleaner.exe # Opcja : Szukaj ***** [ Usługi ] ***** ***** [ Pliki / Foldery ] ***** ***** [ Skróty ] ***** ***** [ Rejestr ] ***** ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v7.0.6000.16473 ************************* AdwCleaner[R0].txt - [2128 octets] - [17/02/2014 17:13:15] AdwCleaner[R1].txt - [2188 octets] - [17/02/2014 17:14:33] AdwCleaner[R2].txt - [828 octets] - [17/02/2014 17:29:56] AdwCleaner[R3].txt - [691 octets] - [17/02/2014 22:35:35] AdwCleaner[S0].txt - [2220 octets] - [17/02/2014 17:17:10] ########## EOF - \AdwCleaner\AdwCleaner[R3].txt - [810 octets] ########## [/log]
Unfortunately I didn't copy the previous AdwCleaner logs, so I scanned again, but as before there is (I think) nothing there.
Zayfi commented 18 February 2014
Run OTL and paste the following into the custom scan options/script window:
:OTL
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
:Commands
[emptytemp]
Click Run script.
"AdwCleaner didn't find anything either, and yet after every click on a new tab in Firefox this junk pops up"
Because there isn't any. But Vista is completely out of date. Service Pack 1 and 2 are missing. It can't stay like that. Install SP1 first, then SP2. To pre-empt any questions about whether SP2 can be installed right away: it can't.
http://www.microsoft.com/pl-pl/download/details.aspx?id=910
http://www.microsoft.com/pl-pl/download/details.aspx?id=15278
azuro (author) commented 18 February 2014
After running the script I got this log:
[log]All processes killed ========== OTL ========== HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3719904406-483639650-1118833482-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found. Registry value HKEY_USERS\S-1-5-21-3719904406-483639650-1118833482-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Azuro ->Temp folder emptied: 14157006 bytes ->Temporary Internet Files folder emptied: 49358 bytes ->Flash cache emptied: 592 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: standard ->Temp folder emptied: 242141 bytes ->Temporary Internet Files folder emptied: 7709219 bytes ->FireFox cache emptied: 372488128 bytes ->Flash cache emptied: 3382 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 65084 bytes RecycleBin emptied: 555009 bytes Total Files Cleaned = 377,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02182014_213413 Files\Folders moved on Reboot... C:\Users\standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03016HDH\-npz8I08j1p4obSJnaZfLUVLlIm0umyx7nT5vEtjvLjffwrwgsM9eMI6MK6gw6NuSh90iY83ZAlTifoRdhXtg6[1].eot moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... 
[/log]
Scan log:
[log]OTL logfile created on: 2014-02-18 21:43:58 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\standard\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16473) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,30% Memory free 6,19 Gb Paging File | 5,13 Gb Available in Paging File | 82,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,81 Gb Total Space | 24,59 Gb Free Space | 49,36% Space Free | Partition Type: NTFS Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-02-18 21:37:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\standard\AppData\Local\Temp\RtkBtMnt.exe PRC - [2014-02-17 17:39:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\standard\Desktop\OTL.exe PRC - [2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2014-02-13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe PRC - [2014-01-22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe PRC - [2013-12-05 12:48:12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013-11-25 22:03:56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013-11-25 22:00:24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013-11-13 22:03:10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2007-07-06 04:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-06-27 10:15:34 | 000,752,136 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-02-13 01:36:39 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014-02-13 01:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2007-08-16 13:04:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-11-25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-11-25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-11-25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013-10-31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-10-31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-10-01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-09-10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013-08-01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2007-07-25 16:39:00 | 007,604,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-06-18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-06-14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-04-29 23:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-03-21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-07 09:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014-02-17 15:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-02-17 15:37:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S1].txt ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12DCCF69-FB1B-4F5C-8955-7A920FD589F3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-02-18 21:34:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-02-17 17:13:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2014-02-17 15:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014-02-17 15:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-02-17 13:45:50 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014-02-17 13:45:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014-02-17 13:45:50 | 000,072,704 |
---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2014-02-17 13:45:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2014-02-17 13:45:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2014-02-17 13:45:24 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll [2014-02-17 13:45:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll [2014-02-17 13:44:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2014-02-17 13:44:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2014-02-17 13:44:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2014-02-17 13:44:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2014-02-17 13:44:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2014-02-17 13:44:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2014-02-17 13:44:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2014-02-17 13:44:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2014-02-17 13:43:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2014-02-17 13:43:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll [2014-02-17 13:43:26 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll [2014-02-17 13:43:25 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2014-02-17 13:43:25 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2014-02-17 13:42:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2014-02-17 13:42:53 | 
000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2014-02-17 13:41:31 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2014-02-17 13:41:31 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2014-02-17 13:41:31 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2014-02-17 13:41:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2014-02-17 13:41:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2014-02-17 13:41:30 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2014-02-17 13:40:59 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2014-02-17 13:40:59 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2014-02-17 13:38:34 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2014-02-17 13:38:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2014-02-17 13:37:44 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2014-02-17 13:37:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2014-02-17 13:37:16 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2014-02-17 13:34:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2014-02-17 13:33:36 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2014-02-17 13:32:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe [2014-02-17 13:31:26 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2014-02-17 13:31:26 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2014-02-17 13:31:26 
| 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe [2014-02-17 13:31:25 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2014-02-17 13:31:25 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2014-02-17 13:31:25 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2014-02-17 13:31:25 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2014-02-17 13:31:24 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2014-02-17 13:31:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll [2014-02-17 13:31:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe [2014-02-17 13:31:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2014-02-17 13:31:22 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll [2014-02-17 13:31:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe [2014-02-17 13:31:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe [2014-02-17 13:31:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll [2014-02-17 13:31:20 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2014-02-17 13:31:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll [2014-02-17 13:31:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll [2014-02-17 13:31:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll [2014-02-17 13:31:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106.dll [2014-02-17 13:30:36 | 000,654,336 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\printfilterpipelinesvc.exe [2014-02-17 13:30:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2014-02-17 13:30:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2014-02-17 13:30:34 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2014-02-17 13:30:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2014-02-17 13:30:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2014-02-17 13:30:17 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2014-02-17 13:30:17 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2014-02-17 13:29:51 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2014-02-17 13:29:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2014-02-17 13:29:51 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2014-02-17 13:29:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL [2014-02-17 13:29:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL [2014-02-17 13:29:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll [2014-02-17 13:29:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2014-02-17 13:29:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2014-02-17 13:29:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2014-02-17 13:29:00 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014-02-17 13:28:51 | 000,113,664 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2014-02-17 13:28:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll [2014-02-17 13:28:39 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2014-02-17 13:28:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2014-02-17 13:28:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2014-02-17 13:28:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2014-02-17 13:28:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2014-02-17 13:28:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2014-02-17 13:28:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe [2014-02-17 13:27:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2014-02-17 13:27:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2014-02-17 13:27:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2014-02-17 13:27:13 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll [2014-02-17 13:26:37 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2014-02-17 13:26:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2014-02-17 13:26:15 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2014-02-17 13:26:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2014-02-17 13:26:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2014-02-17 13:25:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2014-02-17 12:32:41 | 000,000,000 
| ---D | C] -- C:\Program Files\CCleaner [2014-02-17 10:50:18 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\AVG2014 [2014-02-17 10:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2014-02-17 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software [2014-02-17 10:49:12 | 000,000,000 | -H-D | C] -- C:\$AVG [2014-02-17 10:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2014-02-17 10:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2014-02-17 10:45:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\MFAData [2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Avg2014 [2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Macromedia [2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Adobe [2014-02-17 10:04:47 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014-02-17 10:04:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014-02-17 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Adobe [2014-02-17 09:34:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2014-02-17 09:34:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2014-02-17 09:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2014-02-17 09:17:14 | 000,231,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2014-02-17 09:06:16 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Mozilla [2014-02-17 09:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2014-02-17 06:40:10 | 016,437,832 | ---- | C] (Macrovision Corporation) 
-- C:\Windows\eRy.exe [2014-02-17 06:40:03 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll [2014-02-17 06:40:03 | 000,100,358 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll [2014-02-17 06:40:01 | 000,154,624 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys [2014-02-17 06:39:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\devcon.exe [2014-02-16 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Seven Zip [2014-02-16 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PowerCinema [2014-02-16 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PlayMovie [2014-02-16 22:05:03 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe [2014-02-16 22:05:03 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe [2014-02-16 22:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K [2014-02-16 22:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Matrix Storage Manager [2014-02-16 22:02:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU [2014-02-16 22:01:06 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2014-02-16 21:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager [2014-02-16 21:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager [2014-02-16 21:59:19 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData\Local\acer eNM [2014-02-16 21:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2014-02-16 21:58:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Searches [2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- 
C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2014-02-16 21:58:44 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Identities [2014-02-16 21:58:41 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Contacts [2014-02-16 21:58:19 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\VirtualStore [2014-02-16 21:57:32 | 040,368,034 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\acer.exe [2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Macromedia [2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc [2014-02-16 21:57:25 | 000,000,000 | ---D | C] -- C:\Windows\ACER [2014-02-16 21:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2014-02-16 21:57:02 | 000,000,000 | --SD | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Videos [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Saved Games [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Links [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Downloads [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Documents [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Desktop [2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Ustawienia lokalne [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Temporary Internet Files [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Szablony [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\SendTo [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Recent [2014-02-16 21:57:02 | 000,000,000 | -HSD | 
C] -- C:\Users\Azuro\PrintHood [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\NetHood [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje wideo [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje obrazy [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Moje dokumenty [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moja muzyka [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Menu Start [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Historia [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Dane aplikacji [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Dane aplikacji [2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Cookies [2014-02-16 21:57:02 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData [2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Temp [2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Microsoft [2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Media Center Programs [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2014-02-16 20:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution 
[2014-02-16 20:46:17 | 000,053,248 | ---- | C] (Bison Inc.) -- C:\Windows\BR040286.exe [2014-02-16 20:45:40 | 000,126,976 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\imsmudlg.exe [2014-02-16 20:44:56 | 001,073,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll [2014-02-16 20:44:55 | 000,753,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe [2014-02-16 20:44:55 | 000,413,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl [2014-02-16 20:44:55 | 000,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll [2014-01-19 21:46:54 | 000,022,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-02-18 21:43:39 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014-02-18 21:43:39 | 000,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2014-02-18 21:43:39 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014-02-18 21:43:39 | 000,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2014-02-18 21:37:20 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014-02-18 21:37:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014-02-18 21:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-02-18 21:36:54 | 3219,111,936 | -HS- | M] () -- C:\hiberfil.sys [2014-02-18 18:27:50 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\http.sys.mui [2014-02-17 15:31:25 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001 [2014-02-17 15:11:35 | 000,292,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014-02-17 13:45:50 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\atmfd.dll [2014-02-17 13:45:50 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2014-02-17 13:45:50 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2014-02-17 13:45:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2014-02-17 13:45:50 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2014-02-17 13:45:24 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll [2014-02-17 13:45:24 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll [2014-02-17 13:44:30 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2014-02-17 13:44:30 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2014-02-17 13:44:30 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2014-02-17 13:44:30 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2014-02-17 13:44:30 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2014-02-17 13:44:29 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2014-02-17 13:44:29 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2014-02-17 13:44:29 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2014-02-17 13:43:26 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf [2014-02-17 13:43:26 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2014-02-17 13:43:26 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2014-02-17 13:43:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll [2014-02-17 13:43:26 | 000,047,104 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\wlanapi.dll [2014-02-17 13:43:25 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2014-02-17 13:42:54 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2014-02-17 13:42:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2014-02-17 13:41:31 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2014-02-17 13:41:31 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2014-02-17 13:41:31 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2014-02-17 13:41:31 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2014-02-17 13:41:31 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2014-02-17 13:41:30 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2014-02-17 13:40:59 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2014-02-17 13:40:59 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2014-02-17 13:38:34 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2014-02-17 13:38:34 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2014-02-17 13:37:44 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2014-02-17 13:37:44 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2014-02-17 13:37:16 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2014-02-17 13:34:17 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2014-02-17 13:32:39 | 000,024,064 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\netcfg.exe [2014-02-17 13:31:50 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\i8042prt.sys.mui [2014-02-17 13:31:50 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\sermouse.sys.mui [2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouclass.sys.mui [2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdclass.sys.mui [2014-02-17 13:31:50 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouhid.sys.mui [2014-02-17 13:31:50 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdhid.sys.mui [2014-02-17 13:31:26 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2014-02-17 13:31:26 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2014-02-17 13:31:26 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe [2014-02-17 13:31:25 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2014-02-17 13:31:25 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2014-02-17 13:31:25 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2014-02-17 13:31:25 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2014-02-17 13:31:24 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2014-02-17 13:31:23 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll [2014-02-17 13:31:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe [2014-02-17 13:31:23 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2014-02-17 13:31:22 | 000,115,200 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\loadperf.dll [2014-02-17 13:31:22 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe [2014-02-17 13:31:22 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe [2014-02-17 13:31:22 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll [2014-02-17 13:31:20 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2014-02-17 13:31:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll [2014-02-17 13:31:20 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll [2014-02-17 13:31:20 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll [2014-02-17 13:31:19 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106.dll [2014-02-17 13:30:36 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2014-02-17 13:30:36 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2014-02-17 13:30:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2014-02-17 13:30:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2014-02-17 13:30:34 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2014-02-17 13:30:34 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2014-02-17 13:30:17 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2014-02-17 13:30:17 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2014-02-17 13:29:51 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2014-02-17 13:29:51 | 000,167,424 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2014-02-17 13:29:51 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2014-02-17 13:29:36 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL [2014-02-17 13:29:36 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL [2014-02-17 13:29:36 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll [2014-02-17 13:29:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2014-02-17 13:29:24 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2014-02-17 13:29:10 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2014-02-17 13:29:01 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014-02-17 13:28:51 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2014-02-17 13:28:51 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll [2014-02-17 13:28:39 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2014-02-17 13:28:38 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2014-02-17 13:28:36 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2014-02-17 13:28:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2014-02-17 13:28:34 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2014-02-17 13:28:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe [2014-02-17 13:27:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2014-02-17 13:27:33 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2014-02-17 
13:27:33 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2014-02-17 13:27:13 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll [2014-02-17 13:26:37 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2014-02-17 13:26:30 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2014-02-17 13:26:14 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2014-02-17 13:26:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2014-02-17 13:25:41 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2014-02-17 10:04:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014-02-17 10:04:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014-02-17 09:34:57 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2014-02-17 09:34:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2014-02-17 08:58:13 | 000,005,120 | ---- | M] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014-02-17 08:54:26 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat [2014-02-17 06:40:12 | 000,000,003 | ---- | M] () -- C:\Windows\AFirst.cmd [2014-02-16 22:09:20 | 000,000,115 | ---- | M] () -- C:\Windows\Alaunch.ini [2014-02-16 22:04:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf [2014-02-16 22:00:03 | 000,000,000 | ---- | M] () -- C:\Windows\SETUP.INI [2014-02-16 21:59:38 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI [2014-02-16 21:57:09 | 000,001,550 | ---- | M] () -- C:\Windows\CLEANUP.CMD [2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avgidsshimx.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-02-17 15:37:05 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014-02-17 13:43:26 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2014-02-17 08:58:10 | 000,005,120 | ---- | C] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014-02-17 08:31:17 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001 [2014-02-17 06:40:12 | 000,000,003 | ---- | C] () -- C:\Windows\AFirst.cmd [2014-02-17 06:39:55 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2014-02-17 06:39:47 | 000,000,336 | ---- | C] () -- C:\Windows\ACERTOURREMINDERRUN.REG [2014-02-17 06:39:32 | 000,001,550 | ---- | C] () -- C:\Windows\CLEANUP.CMD [2014-02-17 06:39:32 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2014-02-17 06:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\System32\$Acer$.cmd [2014-02-16 23:27:48 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat [2014-02-16 22:05:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2014-02-16 22:05:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2014-02-16 22:05:03 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss [2014-02-16 22:04:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf [2014-02-16 22:00:03 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP.INI [2014-02-16 21:59:38 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI [2014-02-16 21:58:52 | 000,000,913 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2014-02-16 21:58:51 | 000,000,908 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2014-02-16 21:58:41 | 000,000,879 | ---- | C] () -- 
C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2014-02-16 21:57:42 | 083,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr [2014-02-16 20:48:27 | 3219,111,936 | -HS- | C] () -- C:\hiberfil.sys [color=#E56717]========== ZeroAccess Check ==========[/color] [2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-02-17 13:34:48 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2014-02-17 13:30:35 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2014-02-17 10:50:18 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\AVG2014 [2014-02-17 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] [log]OTL Extras logfile created on: 2014-02-18 21:43:58 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\standard\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16473) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,96 Gb 
Available Physical Memory | 65,30% Memory free 6,19 Gb Paging File | 5,13 Gb Available in Paging File | 82,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,81 Gb Total Space | 24,59 Gb Free Space | 49,36% Space Free | Partition Type: NTFS Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List 
==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16062785-C998-489A-9C89-3A8BF4C86EC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{4AB9AAED-4905-47FC-A14E-89BEA45CFB67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{54A34155-4B2F-4F86-9C92-3CE35BB47B4B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{5C9B150F-643A-4470-8FBA-34E5EEB71336}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{6850025F-12F1-4E50-9012-C2911DA173DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{AC2681AC-1530-4E2A-9638-51472CBAE620}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{AF8E989B-FBF9-49B9-AB6C-F3DC383D7548}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{CA7950BC-4E07-4733-A75B-2FCC419E1E6C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{34371C5D-866E-462F-896A-BA75EC0EEDAE}" = AVG 2014 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C6CCDAE-C2BF-473B-BB1F-2D1DCC5B98A4}" = AVG 2014 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = 
ALPS Touch Pad Driver "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "AVG" = AVG 2014 "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "LManager" = Launch Manager "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 27.0.1 (x86 pl)" = Mozilla Firefox 27.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "ShockwaveFlash" = Adobe Flash Player 9 ActiveX [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-02-17 10:23:05 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-17 12:26:04 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-17 13:08:02 | Computer Name = Azuro-zone | Source = Perflib | ID = 1008 Description = Error - 2014-02-17 13:08:02 | Computer Name = Azuro-zone | Source = Perflib | ID = 1010 Description = Error - 2014-02-17 17:46:24 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-18 05:31:47 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-18 16:28:38 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = Error - 2014-02-18 16:33:41 | Computer Name = Azuro-zone | Source = profsvc | ID = 1502 Description = System Windows nie może załadować profilu przechowywanego lokalnie. Możliwym powodem tego błędu jest brak wystarczających praw zabezpieczeń lub uszkodzony profil lokalny. SZCZEGÓŁY - ? 
Error - 2014-02-18 16:33:43 | Computer Name = Azuro-zone | Source = profsvc | ID = 1505 Description = System Windows nie może załadować profilu użytkownika, ale zalogował Cię używając domyślnego profilu systemowego. SZCZEGÓŁ - ? Error - 2014-02-18 16:43:37 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 2014-02-18 16:38:20 | Computer Name = Azuro-zone | Source = Service Control Manager | ID = 7000 Description = < End of report > [/log]
Vista has no service packs because I reinstalled it two days ago after wiping the disk. I won't manage it today, but I will install them tomorrow. I suspect the "pests" come from the Firefox profile backups. I have one more question about Firefox, concerning profiles specifically.
While the browser is running, when I try to launch the profile manager, another window of the active profile opens instead of the manager. Previously I could have two Firefox windows open, each with a different profile, and now that is not possible. Can anything be done about this?
Zayfi, comment, 18 February 2014
There are no pests. At least the logs do not show any. Reset FF > from the Help menu > Troubleshooting Information > Reset Firefox. Until you install SP1 and SP2 and all the updates, strange things can happen. The system is currently rolled back to 2004. That is a different story.
azuro (Author), comment, 21 February 2014
[quote]There are no pests. At least the logs do not show any. Reset FF > from the Help menu > Troubleshooting Information > Reset Firefox. Until you install SP1 and SP2 and all the updates, strange things can happen. The system is currently rolled back to 2004. That is a different story.[/quote]
Patches installed, Firefox runs beautifully after the reset. Many thanks for the help :hurra: