[Solved] removing sweet page

azuro
posted (edited)

Hello,

The problem is removing sweet page from Firefox.

After reading several articles and following their advice, I decided to ask you for help, because unfortunately I have not solved the problem.

In the program uninstall window I did not find the entry "WPM17.8.0.3297", so there was nothing to uninstall.

AdwCleaner did not find anything either, and yet every time I open a new tab in Firefox this junk pops up.

 

OTL log:

[log]OTL Extras logfile created on: 2014-02-17 17:40:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\standard\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,23% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,81 Gb Total Space | 27,07 Gb Free Space | 54,36% Space Free | Partition Type: NTFS
Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
 
Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3719904406-483639650-1118833482-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16062785-C998-489A-9C89-3A8BF4C86EC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{4AB9AAED-4905-47FC-A14E-89BEA45CFB67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{54A34155-4B2F-4F86-9C92-3CE35BB47B4B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{5C9B150F-643A-4470-8FBA-34E5EEB71336}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{6850025F-12F1-4E50-9012-C2911DA173DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{AC2681AC-1530-4E2A-9638-51472CBAE620}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{AF8E989B-FBF9-49B9-AB6C-F3DC383D7548}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{CA7950BC-4E07-4733-A75B-2FCC419E1E6C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{34371C5D-866E-462F-896A-BA75EC0EEDAE}" = AVG 2014
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C6CCDAE-C2BF-473B-BB1F-2D1DCC5B98A4}" = AVG 2014
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AVG" = AVG 2014
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"LManager" = Launch Manager
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 27.0.1 (x86 pl)" = Mozilla Firefox 27.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-02-16 17:38:21 | Computer Name = Azuro-zone | Source = VSS | ID = 8194
Description =
 
Error - 2014-02-16 17:38:54 | Computer Name = Azuro-zone | Source = VSS | ID = 8194
Description =
 
Error - 2014-02-16 18:14:07 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-17 03:32:02 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-17 03:53:38 | Computer Name = Azuro-zone | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mmc.exe, wersja 6.0.6000.16386, sygnatura
 czasowa 0x4549af41, moduł powodujący błąd ntdll.dll, wersja 6.0.6000.16386, sygnatura
 czasowa 0x4549bdc9, kod wyjątku 0xc0000374, przesunięcie błędu 0x000af1c9,  identyfikator
 procesu 0xd94, godzina rozpoczęcia aplikacji 0x01cf2bb4e35cd91c.
 
Error - 2014-02-17 04:53:40 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-17 05:10:00 | Computer Name = Azuro-zone | Source = Application Hang | ID = 1002
Description = Program firefox.exe w wersji 27.0.1.5156 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
 i rozwiązaniami problemów.  Identyfikator procesu: 8fc  Godzina rozpoczęcia: 01cf2bbf51deebe1
Godzina
 zakończenia: 15
 
Error - 2014-02-17 10:12:25 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-17 10:23:05 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-17 12:26:04 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
[ System Events ]
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 05:00:57 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-17 10:17:28 | Computer Name = Azuro-zone | Source = Service Control Manager | ID = 7000
Description =
 
Error - 2014-02-17 12:20:18 | Computer Name = Azuro-zone | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

[/log]

 

[log]OTL logfile created on: 2014-02-17 17:40:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\standard\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,23% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,81 Gb Total Space | 27,07 Gb Free Space | 54,36% Space Free | Partition Type: NTFS
Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
 
Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-02-17 17:39:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\standard\Desktop\OTL.exe
PRC - [2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2014-02-17 10:04:47 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
PRC - [2014-02-17 08:40:19 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\standard\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2014-02-13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014-01-22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013-12-05 12:48:12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013-11-25 22:03:56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013-11-25 22:00:24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013-11-13 22:03:10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2007-07-06 04:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-06-27 10:15:34 | 000,752,136 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-02-17 10:04:47 | 016,287,624 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_44.dll
MOD - [2014-02-13 01:36:39 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014-02-13 01:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2007-08-16 13:04:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-11-25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-11-25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-11-25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013-10-31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-10-31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-10-01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-09-10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013-08-01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2007-07-25 16:39:00 | 007,604,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-06-18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-06-14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-04-29 23:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-03-21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-07 09:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014-02-17 15:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-02-17 15:37:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3719904406-483639650-1118833482-1000..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12DCCF69-FB1B-4F5C-8955-7A920FD589F3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-02-17 17:13:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2014-02-17 15:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014-02-17 15:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-02-17 13:45:50 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014-02-17 13:45:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014-02-17 13:45:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014-02-17 13:45:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014-02-17 13:45:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014-02-17 13:45:24 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2014-02-17 13:45:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014-02-17 13:44:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014-02-17 13:44:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014-02-17 13:44:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2014-02-17 13:44:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2014-02-17 13:44:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2014-02-17 13:44:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2014-02-17 13:44:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2014-02-17 13:44:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2014-02-17 13:43:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014-02-17 13:43:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014-02-17 13:43:26 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014-02-17 13:43:25 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014-02-17 13:43:25 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014-02-17 13:42:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014-02-17 13:42:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014-02-17 13:41:31 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014-02-17 13:41:31 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2014-02-17 13:41:31 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2014-02-17 13:41:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2014-02-17 13:41:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2014-02-17 13:41:30 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2014-02-17 13:40:59 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014-02-17 13:40:59 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014-02-17 13:38:34 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2014-02-17 13:38:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2014-02-17 13:37:44 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2014-02-17 13:37:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014-02-17 13:37:16 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014-02-17 13:34:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014-02-17 13:33:36 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014-02-17 13:32:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2014-02-17 13:31:26 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014-02-17 13:31:26 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2014-02-17 13:31:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2014-02-17 13:31:25 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014-02-17 13:31:25 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014-02-17 13:31:25 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2014-02-17 13:31:25 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2014-02-17 13:31:24 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014-02-17 13:31:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2014-02-17 13:31:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014-02-17 13:31:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2014-02-17 13:31:22 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2014-02-17 13:31:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2014-02-17 13:31:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2014-02-17 13:31:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2014-02-17 13:31:20 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014-02-17 13:31:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2014-02-17 13:31:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2014-02-17 13:31:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2014-02-17 13:31:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106.dll
[2014-02-17 13:30:36 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014-02-17 13:30:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014-02-17 13:30:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014-02-17 13:30:34 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014-02-17 13:30:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014-02-17 13:30:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014-02-17 13:30:17 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2014-02-17 13:30:17 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2014-02-17 13:29:51 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014-02-17 13:29:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014-02-17 13:29:51 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2014-02-17 13:29:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014-02-17 13:29:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014-02-17 13:29:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014-02-17 13:29:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2014-02-17 13:29:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2014-02-17 13:29:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014-02-17 13:29:00 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014-02-17 13:28:51 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014-02-17 13:28:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014-02-17 13:28:39 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014-02-17 13:28:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014-02-17 13:28:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2014-02-17 13:28:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014-02-17 13:28:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014-02-17 13:28:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014-02-17 13:28:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2014-02-17 13:27:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2014-02-17 13:27:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014-02-17 13:27:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014-02-17 13:27:13 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2014-02-17 13:26:37 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014-02-17 13:26:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2014-02-17 13:26:15 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2014-02-17 13:26:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2014-02-17 13:26:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2014-02-17 13:25:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2014-02-17 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-02-17 10:50:18 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\AVG2014
[2014-02-17 10:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-02-17 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software
[2014-02-17 10:49:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014-02-17 10:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014-02-17 10:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014-02-17 10:45:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\MFAData
[2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Avg2014
[2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Macromedia
[2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Adobe
[2014-02-17 10:04:47 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-02-17 10:04:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-02-17 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Adobe
[2014-02-17 09:34:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2014-02-17 09:34:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2014-02-17 09:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014-02-17 09:17:14 | 000,231,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014-02-17 09:06:16 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Mozilla
[2014-02-17 09:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014-02-17 06:40:10 | 016,437,832 | ---- | C] (Macrovision Corporation) -- C:\Windows\eRy.exe
[2014-02-17 06:40:03 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2014-02-17 06:40:03 | 000,100,358 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2014-02-17 06:40:01 | 000,154,624 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2014-02-17 06:39:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\devcon.exe
[2014-02-16 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Seven Zip
[2014-02-16 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PowerCinema
[2014-02-16 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PlayMovie
[2014-02-16 22:05:03 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
[2014-02-16 22:05:03 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
[2014-02-16 22:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2014-02-16 22:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Matrix Storage Manager
[2014-02-16 22:02:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2014-02-16 22:01:06 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2014-02-16 21:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2014-02-16 21:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2014-02-16 21:59:19 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData\Local\acer eNM
[2014-02-16 21:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014-02-16 21:58:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Searches
[2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014-02-16 21:58:44 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Identities
[2014-02-16 21:58:41 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Contacts
[2014-02-16 21:58:19 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\VirtualStore
[2014-02-16 21:57:32 | 040,368,034 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\acer.exe
[2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Macromedia
[2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2014-02-16 21:57:25 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2014-02-16 21:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2014-02-16 21:57:02 | 000,000,000 | --SD | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Videos
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Saved Games
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Links
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Downloads
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Documents
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Desktop
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Ustawienia lokalne
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Temporary Internet Files
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Szablony
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\SendTo
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Recent
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\PrintHood
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\NetHood
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje wideo
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje obrazy
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Moje dokumenty
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moja muzyka
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Menu Start
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Historia
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Dane aplikacji
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Dane aplikacji
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Cookies
[2014-02-16 21:57:02 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData
[2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Temp
[2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Microsoft
[2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Media Center Programs
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji
[2014-02-16 20:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014-02-16 20:46:17 | 000,053,248 | ---- | C] (Bison Inc.) -- C:\Windows\BR040286.exe
[2014-02-16 20:45:40 | 000,126,976 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\imsmudlg.exe
[2014-02-16 20:44:56 | 001,073,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2014-02-16 20:44:55 | 000,753,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2014-02-16 20:44:55 | 000,413,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2014-02-16 20:44:55 | 000,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2014-01-19 21:46:54 | 000,022,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014-02-17 17:26:05 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-02-17 17:26:05 | 000,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-02-17 17:26:05 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-02-17 17:26:05 | 000,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-02-17 17:19:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014-02-17 17:19:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014-02-17 17:19:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-02-17 17:19:03 | 3219,111,936 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-17 15:31:25 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001
[2014-02-17 15:11:35 | 000,292,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-02-17 13:45:50 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014-02-17 13:45:50 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014-02-17 13:45:50 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014-02-17 13:45:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014-02-17 13:45:50 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014-02-17 13:45:24 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2014-02-17 13:45:24 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014-02-17 13:44:30 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014-02-17 13:44:30 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014-02-17 13:44:30 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2014-02-17 13:44:30 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2014-02-17 13:44:30 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2014-02-17 13:44:29 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2014-02-17 13:44:29 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2014-02-17 13:44:29 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2014-02-17 13:43:26 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2014-02-17 13:43:26 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014-02-17 13:43:26 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014-02-17 13:43:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014-02-17 13:43:26 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014-02-17 13:43:25 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014-02-17 13:42:54 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014-02-17 13:42:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014-02-17 13:41:31 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014-02-17 13:41:31 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2014-02-17 13:41:31 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2014-02-17 13:41:31 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2014-02-17 13:41:31 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2014-02-17 13:41:30 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2014-02-17 13:40:59 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014-02-17 13:40:59 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014-02-17 13:38:34 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2014-02-17 13:38:34 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2014-02-17 13:37:44 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2014-02-17 13:37:44 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014-02-17 13:37:16 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014-02-17 13:34:17 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014-02-17 13:32:39 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2014-02-17 13:31:50 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\i8042prt.sys.mui
[2014-02-17 13:31:50 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\sermouse.sys.mui
[2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouclass.sys.mui
[2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdclass.sys.mui
[2014-02-17 13:31:50 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouhid.sys.mui
[2014-02-17 13:31:50 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdhid.sys.mui
[2014-02-17 13:31:26 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014-02-17 13:31:26 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2014-02-17 13:31:26 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2014-02-17 13:31:25 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014-02-17 13:31:25 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014-02-17 13:31:25 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2014-02-17 13:31:25 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2014-02-17 13:31:24 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014-02-17 13:31:23 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2014-02-17 13:31:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014-02-17 13:31:23 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2014-02-17 13:31:22 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2014-02-17 13:31:22 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2014-02-17 13:31:22 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2014-02-17 13:31:22 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2014-02-17 13:31:20 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014-02-17 13:31:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2014-02-17 13:31:20 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2014-02-17 13:31:20 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2014-02-17 13:31:19 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106.dll
[2014-02-17 13:30:36 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014-02-17 13:30:36 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014-02-17 13:30:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014-02-17 13:30:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014-02-17 13:30:34 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014-02-17 13:30:34 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014-02-17 13:30:17 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2014-02-17 13:30:17 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2014-02-17 13:29:51 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014-02-17 13:29:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014-02-17 13:29:51 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2014-02-17 13:29:36 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014-02-17 13:29:36 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014-02-17 13:29:36 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014-02-17 13:29:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2014-02-17 13:29:24 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2014-02-17 13:29:10 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014-02-17 13:29:01 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014-02-17 13:28:51 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014-02-17 13:28:51 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014-02-17 13:28:39 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014-02-17 13:28:38 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014-02-17 13:28:36 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014-02-17 13:28:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014-02-17 13:28:34 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014-02-17 13:28:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2014-02-17 13:27:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2014-02-17 13:27:33 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014-02-17 13:27:33 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014-02-17 13:27:13 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2014-02-17 13:26:37 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014-02-17 13:26:30 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2014-02-17 13:26:14 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2014-02-17 13:26:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2014-02-17 13:25:41 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2014-02-17 10:04:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-02-17 10:04:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-02-17 09:34:57 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2014-02-17 09:34:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2014-02-17 08:58:13 | 000,005,120 | ---- | M] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-02-17 08:54:26 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat
[2014-02-17 06:40:12 | 000,000,003 | ---- | M] () -- C:\Windows\AFirst.cmd
[2014-02-16 22:09:20 | 000,000,115 | ---- | M] () -- C:\Windows\Alaunch.ini
[2014-02-16 22:04:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2014-02-16 22:00:03 | 000,000,000 | ---- | M] () -- C:\Windows\SETUP.INI
[2014-02-16 21:59:38 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2014-02-16 21:57:09 | 000,001,550 | ---- | M] () -- C:\Windows\CLEANUP.CMD
[2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
 
========== Files Created - No Company Name ==========
 
[2014-02-17 15:37:05 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-02-17 13:43:26 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014-02-17 08:58:10 | 000,005,120 | ---- | C] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-02-17 08:31:17 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001
[2014-02-17 06:40:12 | 000,000,003 | ---- | C] () -- C:\Windows\AFirst.cmd
[2014-02-17 06:39:55 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2014-02-17 06:39:47 | 000,000,336 | ---- | C] () -- C:\Windows\ACERTOURREMINDERRUN.REG
[2014-02-17 06:39:32 | 000,001,550 | ---- | C] () -- C:\Windows\CLEANUP.CMD
[2014-02-17 06:39:32 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2014-02-17 06:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\System32\$Acer$.cmd
[2014-02-16 23:27:48 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat
[2014-02-16 22:05:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2014-02-16 22:05:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2014-02-16 22:05:03 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
[2014-02-16 22:04:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2014-02-16 22:00:03 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP.INI
[2014-02-16 21:59:38 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2014-02-16 21:58:52 | 000,000,913 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014-02-16 21:58:51 | 000,000,908 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014-02-16 21:58:41 | 000,000,879 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2014-02-16 21:57:42 | 083,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr
[2014-02-16 20:48:27 | 3219,111,936 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-02-17 13:34:48 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014-02-17 13:30:35 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014-02-17 10:50:18 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\AVG2014
[2014-02-17 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software
[2014-02-17 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\standard\AppData\Roaming\AVG2014
[2014-02-17 15:22:44 | 000,000,000 | ---D | M] -- C:\Users\standard\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

[/log]

 

GMER log [log]GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-17 18:35:33
Windows 6.0.6000  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL05 149,05GB
Running: trv2ecye.exe; Driver: C:\Users\Azuro\AppData\Local\Temp\fwdyraob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwNotifyChangeKey [0x8CD896E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwNotifyChangeMultipleKeys [0x8CD89800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwOpenProcess [0x8CD89010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwOpenThread [0x8CD894D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwSuspendProcess [0x8CD89300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwSuspendThread [0x8CD893E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwTerminateProcess [0x8CD89120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwTerminateThread [0x8CD89210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwWriteVirtualMemory [0x8CD895E0]

---- Kernel code sections - GMER 2.1 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                          section is writeable [0x8E8BF380, 0x356B08, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3012] kernel32.dll!ActivateActCtx + 2C                               75BA7379 7 Bytes  JMP 684A049D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3012] kernel32.dll!VirtualQuery + 24                                 75BAD172 7 Bytes  JMP 680B5A06 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3012] kernel32.dll!VirtualAllocEx + 54                               75BC9BC5 7 Bytes  JMP 684A0455 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3012] GDI32.dll!SetTextAlign + E6                                    75C67EEF 7 Bytes  JMP 684A04C4 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateFile + 6               77D0F41A 4 Bytes  [28, E0, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateFile + B               77D0F41F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateKey + 6                77D0F45A 4 Bytes  [68, E1, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateKey + B                77D0F45F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateMutant + 6             77D0F48A 4 Bytes  [28, E2, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateMutant + B             77D0F48F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateSection + 6            77D0F50A 4 Bytes  [68, E2, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtCreateSection + B            77D0F50F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtMapViewOfSection + 6         77D0FB6A 4 Bytes  [A8, E4, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtMapViewOfSection + B         77D0FB6F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenFile + 6                 77D0FBFA 4 Bytes  [68, E0, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenFile + B                 77D0FBFF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenKey + 6                  77D0FC2A 4 Bytes  [A8, E1, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenKey + B                  77D0FC2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenMutant + 6               77D0FC4A 4 Bytes  CALL 76D10330 C:\Windows\system32\MSCTF.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenMutant + B               77D0FC4F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcess + 6              77D0FC7A 4 Bytes  [28, E3, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcess + B              77D0FC7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessToken + 6         77D0FC8A 4 Bytes  [68, E3, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessToken + B         77D0FC8F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessTokenEx + 6       77D0FC9A 4 Bytes  [28, E4, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenProcessTokenEx + B       77D0FC9F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenSection + 6              77D0FCAA 4 Bytes  [A8, E2, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenSection + B              77D0FCAF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThread + 6               77D0FCEA 4 Bytes  CALL 76D103D1 C:\Windows\system32\MSCTF.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThread + B               77D0FCEF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadToken + 6          77D0FCFA 4 Bytes  CALL 76D103E2 C:\Windows\system32\MSCTF.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadToken + B          77D0FCFF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadTokenEx + 6        77D0FD0A 4 Bytes  [68, E4, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtOpenThreadTokenEx + B        77D0FD0F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryAttributesFile + 6      77D0FD9A 4 Bytes  [A8, E0, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryAttributesFile + B      77D0FD9F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryFullAttributesFile + 6  77D0FE4A 4 Bytes  CALL 76D1052F C:\Windows\system32\MSCTF.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtQueryFullAttributesFile + B  77D0FE4F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationFile + 6       77D1036A 4 Bytes  [28, E1, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationFile + B       77D1036F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationThread + 6     77D103BA 4 Bytes  [A8, E3, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtSetInformationThread + B     77D103BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtUnmapViewOfSection + 6       77D1065A 4 Bytes  CALL 76D10D43 C:\Windows\system32\MSCTF.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ntdll.dll!NtUnmapViewOfSection + B       77D1065F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!CreateProcessW              75B81D27 5 Bytes  JMP 000800B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!CreateProcessA              75B81D5C 5 Bytes  JMP 000800F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!OpenEventW                  75BA4CB8 5 Bytes  JMP 00080070
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] kernel32.dll!CreateEventW                75BA9146 5 Bytes  JMP 00080030
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!DeleteObject                   75C65A1F 5 Bytes  JMP 000B01B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetDeviceCaps                  75C65EA6 5 Bytes  JMP 000B03B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SelectObject                   75C65FC0 5 Bytes  JMP 000B05F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetBkMode                      75C66390 5 Bytes  JMP 000B08F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetTextColor                   75C664BF 5 Bytes  JMP 000B0A30
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetStretchBltMode              75C66624 5 Bytes  JMP 000B06B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!DeleteDC                       75C669A5 5 Bytes  JMP 000B0170
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StretchDIBits                  75C66F0F 5 Bytes  JMP 000B0770
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextMetricsW                75C6720B 5 Bytes  JMP 000B0E30
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetCurrentObject               75C67419 5 Bytes  JMP 000B0370
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!RestoreDC                      75C674AA 5 Bytes  JMP 000B0530
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SaveDC                         75C67557 5 Bytes  JMP 000B0570
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextAlign                   75C67A93 5 Bytes  JMP 000B0D70
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtSelectClipRgn               75C67AE2 5 Bytes  JMP 000B02F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SelectClipRgn                  75C67BED 5 Bytes  JMP 000B05B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetTextAlign                   75C67E09 5 Bytes  JMP 000B09F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!IntersectClipRect              75C682B4 5 Bytes  JMP 000B03F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetICMMode                     75C688BB 5 Bytes  JMP 000B0DB0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtTextOutW                    75C689EC 5 Bytes  JMP 000B0970
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!MoveToEx                       75C68E09 5 Bytes  JMP 000B0470
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!Rectangle                      75C690CA 5 Bytes  JMP 000B09B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetClipBox                     75C6989D 5 Bytes  JMP 000B0330
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextFaceW                   75C6A788 5 Bytes  JMP 000B0D30
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextExtentPoint32W          75C6ABB5 5 Bytes  JMP 000B0670
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateDCA                      75C6BCD9 5 Bytes  JMP 000B00B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateDCW                      75C6BE99 5 Bytes  JMP 000B00F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateICW                      75C6BEDD 5 Bytes  JMP 000B0130
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetFontData                    75C6C6E3 5 Bytes  JMP 000B0C70
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetWorldTransform              75C6CC0A 5 Bytes  JMP 000B06F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextMetricsA                75C6D201 5 Bytes  JMP 000B0DF0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!LineTo                         75C70984 5 Bytes  JMP 000B0430
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtTextOutA                    75C710E8 5 Bytes  JMP 000B0930
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextExtentPoint32A          75C711A7 5 Bytes  JMP 000B0630
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ExtEscape                      75C7544B 5 Bytes  JMP 000B02B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!EndPage                        75C770FC 5 Bytes  JMP 000B0230
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetMiterLimit                  75C798D2 5 Bytes  JMP 000B0B70
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!ResetDCW                       75C7F929 5 Bytes  JMP 000B0AB0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetTextFaceA                   75C7FE74 5 Bytes  JMP 000B0CF0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SetPolyFillMode                75C7FF50 5 Bytes  JMP 000B0B30
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!GetGlyphOutlineW               75C7FFEF 5 Bytes  JMP 000B0CB0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!Escape                         75C80181 5 Bytes  JMP 000B0270
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CreateScalableFontResourceW    75C8D8CD 5 Bytes  JMP 000B0BB0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!AddFontResourceW               75C8DB8E 5 Bytes  JMP 000B0BF0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!RemoveFontResourceW            75C8DE3B 5 Bytes  JMP 000B0C30
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!AbortDoc                       75C92F0C 5 Bytes  JMP 000B0030
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!EndDoc                         75C9325D 5 Bytes  JMP 000B01F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StartPage                      75C93348 5 Bytes  JMP 000B0730
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StartDocW                      75C93DBB 5 Bytes  JMP 000B07F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!BeginPath                      75C94575 5 Bytes  JMP 000B0830
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!SelectClipPath                 75C945CC 5 Bytes  JMP 000B0AF0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!CloseFigure                    75C94627 5 Bytes  JMP 000B0070
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!EndPath                        75C9467E 5 Bytes  JMP 000B0A70
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!StrokePath                     75C948B0 5 Bytes  JMP 000B07B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!FillPath                       75C9493C 5 Bytes  JMP 000B0870
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!PolylineTo                     75C94DA5 5 Bytes  JMP 000B04F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!PolyBezierTo                   75C94E35 5 Bytes  JMP 000B04B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] GDI32.dll!PolyDraw                       75C94EE6 5 Bytes  JMP 000B08B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetTopWindow                  76C67BC1 7 Bytes  JMP 000C0730
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!CountClipboardFormats         76C6BEAE 5 Bytes  JMP 000C01F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!RegisterClipboardFormatW      76C6F811 5 Bytes  JMP 000C02B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!ActivateKeyboardLayout        76C7A9FF 5 Bytes  JMP 000C04F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!RegisterClipboardFormatA      76C7AEC3 5 Bytes  JMP 000C02F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardFormatNameA       76C7B1C6 5 Bytes  JMP 000C0270
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClientRect                 76C7B396 7 Bytes  JMP 000C05B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!MonitorFromWindow             76C7B4F8 7 Bytes  JMP 000C0630
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!ScreenToClient                76C7C1D8 7 Bytes  JMP 000C0670
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetParent                     76C82E91 7 Bytes  JMP 000C06F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!IsWindowVisible               76C83429 7 Bytes  JMP 000C06B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!MapWindowPoints               76C834B0 5 Bytes  JMP 000C0570
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetCursor                     76C8380D 5 Bytes  JMP 000C0530
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!PostMessageW                  76C83915 5 Bytes  JMP 000C05F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetCursorPos                  76C84EDD 5 Bytes  JMP 000C0770
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardViewer            76C84F52 5 Bytes  JMP 000C0470
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardData              76C8589C 5 Bytes  JMP 000C0030
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!EmptyClipboard                76C859B8 5 Bytes  JMP 000C0130
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!EnumClipboardFormats          76C859CA 5 Bytes  JMP 000C01B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetClipboardViewer            76C91CE7 5 Bytes  JMP 000C04B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetOpenClipboardWindow        76C91D02 5 Bytes  JMP 000C03F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!ChangeClipboardChain          76C9BABA 5 Bytes  JMP 000C0430
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!CloseClipboard                76C9CA35 5 Bytes  JMP 000C00B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!OpenClipboard                 76C9CA47 5 Bytes  JMP 000C0070
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!IsClipboardFormatAvailable    76C9CAC8 5 Bytes  JMP 000C00F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardSequenceNumber    76C9CADC 5 Bytes  JMP 000C0330
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardOwner             76C9CB0E 5 Bytes  JMP 000C0370
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!SetClipboardData              76CB116B 5 Bytes  JMP 000C0170
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetClipboardFormatNameW       76CB46EF 5 Bytes  JMP 000C0230
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] USER32.dll!GetPriorityClipboardFormat    76CC555B 5 Bytes  JMP 000C03B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!FreeContextBuffer            7589243F 5 Bytes  JMP 000E00F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!DeleteSecurityContext        758925C7 5 Bytes  JMP 000E0270
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!FreeCredentialsHandle        75892AD9 5 Bytes  JMP 000E0130
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!QueryContextAttributesA      758961FF 5 Bytes  JMP 000E0070
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!InitializeSecurityContextA   75896282 5 Bytes  JMP 000E0170
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!AcquireCredentialsHandleA    758963CE 5 Bytes  JMP 000E0030
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!EncryptMessage               75898A63 5 Bytes  JMP 000E01F0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!DecryptMessage               75898B31 5 Bytes  JMP 000E0230
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!ApplyControlToken            7589DE58 5 Bytes  JMP 000E01B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] Secur32.dll!QueryCredentialsAttributesA  7589DFD3 5 Bytes  JMP 000E00B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ole32.dll!OleGetClipboard                76FDBDB6 5 Bytes  JMP 000F00B0
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ole32.dll!OleSetClipboard                77000F64 5 Bytes  JMP 000F0030
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe[3624] ole32.dll!OleIsCurrentClipboard          7700B185 5 Bytes  JMP 000F0070
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!PaintMonitor + 94                          76C6B20C 7 Bytes  JMP 683F76A0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!GetWindowInfo                              76C700DB 5 Bytes  JMP 683FB2EA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!DefWindowProcW + 6B5                       76C82445 7 Bytes  JMP 683F7711 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3968] USER32.dll!SetMenuItemBitmaps + 3E                    76C8CFF3 7 Bytes  JMP 683F4E6D C:\Program Files\Mozilla Firefox\xul.dll

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                              [73EEFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                          [73EBB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                    [73EAA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                      [73EACBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                           [73EA8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                  [73EBCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                          [73EA7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                           [73EA7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                            [73EA6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                    [73F3C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                       [73EC7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                          [73EA90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                    [73EB2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                   [73EB21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                             [73EB7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                              [73EB7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]               [73EE83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                           avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                           avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                         avgtdix.sys

---- Processes - GMER 2.1 ----

Process          (*** hidden *** )                                                                                                [4] 83F80020                                                                                                                  

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----

[/log]

 

Will you help?

Zayfi
commented

You used AdwCleaner, so post its reports.

azuro
commented (edited)

You used AdwCleaner, so post its reports.

[log]# AdwCleaner v3.019 - Log utworzony 17/02/2014 o 22:35:35
# Aktualizacja 17/02/2014 przez Xplode
# System operacyjny : Windows Vista (TM) Home Premium  (32 bits)
# Użytkownik : Azuro - AZURO-ZONE
# Ścieżka : C:\Users\standard\Desktop\adwcleaner.exe
# Opcja : Szukaj

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****


***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v7.0.6000.16473


*************************

AdwCleaner[R0].txt - [2128 octets] - [17/02/2014 17:13:15]
AdwCleaner[R1].txt - [2188 octets] - [17/02/2014 17:14:33]
AdwCleaner[R2].txt - [828 octets] - [17/02/2014 17:29:56]
AdwCleaner[R3].txt - [691 octets] - [17/02/2014 22:35:35]
AdwCleaner[S0].txt - [2220 octets] - [17/02/2014 17:17:10]

########## EOF - \AdwCleaner\AdwCleaner[R3].txt - [810 octets] ##########

[/log]

 

Unfortunately I did not copy the previous AdwCleaner logs, so I scanned again, but as before there is (I think) nothing there.

Zayfi
commented

Run OTL and paste the following into the "Własne opcje skanowania/skrypt" (Custom Scans/Fixes) box:

:OTL
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3719904406-483639650-1118833482-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKU\S-1-5-21-3719904406-483639650-1118833482-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found

:Commands
[emptytemp]

Click "Wykonaj skrypt" (Run Fix).

AdwCleaner did not find anything either, and yet every time I open a new tab in Firefox this junk pops up.

Because there is nothing there. But Vista is completely out of date.

Service Pack 1 and 2 are missing. It cannot stay that way.

Install SP1 first, then SP2. To pre-empt any questions about whether SP2 can be installed straight away: it cannot.

http://www.microsoft.com/pl-pl/download/details.aspx?id=910

http://www.microsoft.com/pl-pl/download/details.aspx?id=15278

azuro
commented

After running the script I got this log:

[log]All processes killed
========== OTL ==========
HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-3719904406-483639650-1118833482-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3719904406-483639650-1118833482-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_USERS\S-1-5-21-3719904406-483639650-1118833482-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Azuro
->Temp folder emptied: 14157006 bytes
->Temporary Internet Files folder emptied: 49358 bytes
->Flash cache emptied: 592 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: standard
->Temp folder emptied: 242141 bytes
->Temporary Internet Files folder emptied: 7709219 bytes
->FireFox cache emptied: 372488128 bytes
->Flash cache emptied: 3382 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65084 bytes
RecycleBin emptied: 555009 bytes
 
Total Files Cleaned = 377,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02182014_213413

Files\Folders moved on Reboot...
C:\Users\standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03016HDH\-npz8I08j1p4obSJnaZfLUVLlIm0umyx7nT5vEtjvLjffwrwgsM9eMI6MK6gw6NuSh90iY83ZAlTifoRdhXtg6[1].eot moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[/log]

 

Scan log

[log]OTL logfile created on: 2014-02-18 21:43:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\standard\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,30% Memory free
6,19 Gb Paging File | 5,13 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,81 Gb Total Space | 24,59 Gb Free Space | 49,36% Space Free | Partition Type: NTFS
Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
 
Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014-02-18 21:37:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\standard\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2014-02-17 17:39:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\standard\Desktop\OTL.exe
PRC - [2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2014-02-13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014-01-22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013-12-05 12:48:12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013-11-25 22:03:56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013-11-25 22:00:24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013-11-13 22:03:10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2007-07-06 04:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-06-27 10:15:34 | 000,752,136 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014-02-13 01:36:39 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014-02-13 01:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2007-08-16 13:04:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006-11-24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-11-25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-11-25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-11-25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013-10-31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-10-31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-10-01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-09-10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013-08-01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2007-07-25 16:39:00 | 007,604,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-06-18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-06-14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-04-29 23:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-03-21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-07 09:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014-02-17 15:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-02-17 15:37:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S1].txt ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12DCCF69-FB1B-4F5C-8955-7A920FD589F3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014-02-18 21:34:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-02-17 17:13:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2014-02-17 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2014-02-17 15:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014-02-17 15:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-02-17 13:45:50 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014-02-17 13:45:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014-02-17 13:45:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014-02-17 13:45:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014-02-17 13:45:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014-02-17 13:45:24 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2014-02-17 13:45:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014-02-17 13:44:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014-02-17 13:44:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014-02-17 13:44:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2014-02-17 13:44:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2014-02-17 13:44:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2014-02-17 13:44:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2014-02-17 13:44:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2014-02-17 13:44:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2014-02-17 13:43:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014-02-17 13:43:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014-02-17 13:43:26 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014-02-17 13:43:25 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014-02-17 13:43:25 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014-02-17 13:42:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014-02-17 13:42:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014-02-17 13:41:31 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014-02-17 13:41:31 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2014-02-17 13:41:31 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2014-02-17 13:41:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2014-02-17 13:41:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2014-02-17 13:41:30 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2014-02-17 13:40:59 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014-02-17 13:40:59 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014-02-17 13:38:34 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2014-02-17 13:38:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2014-02-17 13:37:44 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2014-02-17 13:37:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014-02-17 13:37:16 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014-02-17 13:34:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014-02-17 13:33:36 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014-02-17 13:32:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2014-02-17 13:31:26 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014-02-17 13:31:26 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2014-02-17 13:31:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2014-02-17 13:31:25 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014-02-17 13:31:25 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014-02-17 13:31:25 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2014-02-17 13:31:25 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2014-02-17 13:31:24 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014-02-17 13:31:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2014-02-17 13:31:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014-02-17 13:31:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2014-02-17 13:31:22 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2014-02-17 13:31:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2014-02-17 13:31:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2014-02-17 13:31:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2014-02-17 13:31:20 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014-02-17 13:31:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2014-02-17 13:31:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2014-02-17 13:31:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2014-02-17 13:31:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106.dll
[2014-02-17 13:30:36 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014-02-17 13:30:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014-02-17 13:30:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014-02-17 13:30:34 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014-02-17 13:30:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014-02-17 13:30:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014-02-17 13:30:17 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2014-02-17 13:30:17 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2014-02-17 13:29:51 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014-02-17 13:29:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014-02-17 13:29:51 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2014-02-17 13:29:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014-02-17 13:29:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014-02-17 13:29:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014-02-17 13:29:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2014-02-17 13:29:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2014-02-17 13:29:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014-02-17 13:29:00 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014-02-17 13:28:51 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014-02-17 13:28:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014-02-17 13:28:39 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014-02-17 13:28:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014-02-17 13:28:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2014-02-17 13:28:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014-02-17 13:28:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014-02-17 13:28:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014-02-17 13:28:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2014-02-17 13:27:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2014-02-17 13:27:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014-02-17 13:27:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014-02-17 13:27:13 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2014-02-17 13:26:37 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014-02-17 13:26:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2014-02-17 13:26:15 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2014-02-17 13:26:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2014-02-17 13:26:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2014-02-17 13:25:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2014-02-17 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-02-17 10:50:18 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\AVG2014
[2014-02-17 10:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-02-17 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software
[2014-02-17 10:49:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014-02-17 10:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014-02-17 10:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014-02-17 10:45:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\MFAData
[2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014-02-17 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Avg2014
[2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Macromedia
[2014-02-17 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Adobe
[2014-02-17 10:04:47 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-02-17 10:04:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-02-17 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Adobe
[2014-02-17 09:34:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2014-02-17 09:34:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2014-02-17 09:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014-02-17 09:17:14 | 000,231,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014-02-17 09:06:16 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Mozilla
[2014-02-17 09:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014-02-17 06:40:10 | 016,437,832 | ---- | C] (Macrovision Corporation) -- C:\Windows\eRy.exe
[2014-02-17 06:40:03 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2014-02-17 06:40:03 | 000,100,358 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2014-02-17 06:40:01 | 000,154,624 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2014-02-17 06:39:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\devcon.exe
[2014-02-16 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Seven Zip
[2014-02-16 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PowerCinema
[2014-02-16 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\PlayMovie
[2014-02-16 22:05:03 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
[2014-02-16 22:05:03 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
[2014-02-16 22:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2014-02-16 22:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Matrix Storage Manager
[2014-02-16 22:02:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2014-02-16 22:01:06 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2014-02-16 21:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2014-02-16 21:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2014-02-16 21:59:19 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData\Local\acer eNM
[2014-02-16 21:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014-02-16 21:58:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Searches
[2014-02-16 21:58:51 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014-02-16 21:58:44 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Identities
[2014-02-16 21:58:41 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Contacts
[2014-02-16 21:58:19 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\VirtualStore
[2014-02-16 21:57:32 | 040,368,034 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\acer.exe
[2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Macromedia
[2014-02-16 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2014-02-16 21:57:25 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2014-02-16 21:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2014-02-16 21:57:02 | 000,000,000 | --SD | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Videos
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Saved Games
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Links
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Downloads
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Documents
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\Desktop
[2014-02-16 21:57:02 | 000,000,000 | R--D | C] -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Ustawienia lokalne
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Temporary Internet Files
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Szablony
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\SendTo
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Recent
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\PrintHood
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\NetHood
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje wideo
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moje obrazy
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Moje dokumenty
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Documents\Moja muzyka
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Menu Start
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Historia
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Dane aplikacji
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\AppData\Local\Dane aplikacji
[2014-02-16 21:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Azuro\Cookies
[2014-02-16 21:57:02 | 000,000,000 | -H-D | C] -- C:\Users\Azuro\AppData
[2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Temp
[2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Local\Microsoft
[2014-02-16 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Azuro\AppData\Roaming\Media Center Programs
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2014-02-16 21:53:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji
[2014-02-16 20:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014-02-16 20:46:17 | 000,053,248 | ---- | C] (Bison Inc.) -- C:\Windows\BR040286.exe
[2014-02-16 20:45:40 | 000,126,976 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\imsmudlg.exe
[2014-02-16 20:44:56 | 001,073,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2014-02-16 20:44:55 | 000,753,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2014-02-16 20:44:55 | 000,413,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2014-02-16 20:44:55 | 000,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2014-01-19 21:46:54 | 000,022,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014-02-18 21:43:39 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-02-18 21:43:39 | 000,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-02-18 21:43:39 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-02-18 21:43:39 | 000,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-02-18 21:37:20 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014-02-18 21:37:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014-02-18 21:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-02-18 21:36:54 | 3219,111,936 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-18 18:27:50 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\http.sys.mui
[2014-02-17 15:31:25 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001
[2014-02-17 15:11:35 | 000,292,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-02-17 13:45:50 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014-02-17 13:45:50 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014-02-17 13:45:50 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014-02-17 13:45:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014-02-17 13:45:50 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014-02-17 13:45:24 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2014-02-17 13:45:24 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014-02-17 13:44:30 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014-02-17 13:44:30 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014-02-17 13:44:30 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2014-02-17 13:44:30 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2014-02-17 13:44:30 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2014-02-17 13:44:29 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2014-02-17 13:44:29 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2014-02-17 13:44:29 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2014-02-17 13:43:26 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2014-02-17 13:43:26 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014-02-17 13:43:26 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014-02-17 13:43:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014-02-17 13:43:26 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014-02-17 13:43:25 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014-02-17 13:42:54 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014-02-17 13:42:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014-02-17 13:41:31 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014-02-17 13:41:31 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2014-02-17 13:41:31 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2014-02-17 13:41:31 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2014-02-17 13:41:31 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2014-02-17 13:41:30 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2014-02-17 13:40:59 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014-02-17 13:40:59 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014-02-17 13:38:34 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2014-02-17 13:38:34 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2014-02-17 13:37:44 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2014-02-17 13:37:44 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014-02-17 13:37:16 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014-02-17 13:34:17 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014-02-17 13:33:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014-02-17 13:32:39 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2014-02-17 13:31:50 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\i8042prt.sys.mui
[2014-02-17 13:31:50 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\sermouse.sys.mui
[2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouclass.sys.mui
[2014-02-17 13:31:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdclass.sys.mui
[2014-02-17 13:31:50 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\mouhid.sys.mui
[2014-02-17 13:31:50 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\kbdhid.sys.mui
[2014-02-17 13:31:26 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014-02-17 13:31:26 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2014-02-17 13:31:26 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2014-02-17 13:31:25 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014-02-17 13:31:25 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014-02-17 13:31:25 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2014-02-17 13:31:25 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2014-02-17 13:31:24 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014-02-17 13:31:23 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2014-02-17 13:31:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014-02-17 13:31:23 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2014-02-17 13:31:22 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2014-02-17 13:31:22 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2014-02-17 13:31:22 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2014-02-17 13:31:22 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2014-02-17 13:31:20 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014-02-17 13:31:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2014-02-17 13:31:20 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2014-02-17 13:31:20 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2014-02-17 13:31:19 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106.dll
[2014-02-17 13:30:36 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014-02-17 13:30:36 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014-02-17 13:30:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014-02-17 13:30:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014-02-17 13:30:34 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014-02-17 13:30:34 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014-02-17 13:30:17 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2014-02-17 13:30:17 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2014-02-17 13:29:51 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014-02-17 13:29:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014-02-17 13:29:51 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2014-02-17 13:29:36 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014-02-17 13:29:36 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014-02-17 13:29:36 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014-02-17 13:29:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2014-02-17 13:29:24 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2014-02-17 13:29:10 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014-02-17 13:29:01 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014-02-17 13:28:51 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014-02-17 13:28:51 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014-02-17 13:28:39 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014-02-17 13:28:38 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014-02-17 13:28:36 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014-02-17 13:28:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014-02-17 13:28:34 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014-02-17 13:28:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2014-02-17 13:27:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2014-02-17 13:27:33 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014-02-17 13:27:33 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014-02-17 13:27:13 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2014-02-17 13:26:37 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014-02-17 13:26:30 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2014-02-17 13:26:14 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2014-02-17 13:26:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2014-02-17 13:25:41 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2014-02-17 10:04:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-02-17 10:04:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-02-17 09:34:57 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2014-02-17 09:34:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2014-02-17 08:58:13 | 000,005,120 | ---- | M] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-02-17 08:54:26 | 000,027,335 | ---- | M] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat
[2014-02-17 06:40:12 | 000,000,003 | ---- | M] () -- C:\Windows\AFirst.cmd
[2014-02-16 22:09:20 | 000,000,115 | ---- | M] () -- C:\Windows\Alaunch.ini
[2014-02-16 22:04:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2014-02-16 22:00:03 | 000,000,000 | ---- | M] () -- C:\Windows\SETUP.INI
[2014-02-16 21:59:38 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2014-02-16 21:57:09 | 000,001,550 | ---- | M] () -- C:\Windows\CLEANUP.CMD
[2014-01-19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
 
========== Files Created - No Company Name ==========
 
[2014-02-17 15:37:05 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-02-17 13:43:26 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014-02-17 08:58:10 | 000,005,120 | ---- | C] () -- C:\Users\Azuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-02-17 08:31:17 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.001
[2014-02-17 06:40:12 | 000,000,003 | ---- | C] () -- C:\Windows\AFirst.cmd
[2014-02-17 06:39:55 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2014-02-17 06:39:47 | 000,000,336 | ---- | C] () -- C:\Windows\ACERTOURREMINDERRUN.REG
[2014-02-17 06:39:32 | 000,001,550 | ---- | C] () -- C:\Windows\CLEANUP.CMD
[2014-02-17 06:39:32 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2014-02-17 06:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\System32\$Acer$.cmd
[2014-02-16 23:27:48 | 000,027,335 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\nvModes.dat
[2014-02-16 22:05:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2014-02-16 22:05:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2014-02-16 22:05:03 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
[2014-02-16 22:04:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2014-02-16 22:00:03 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP.INI
[2014-02-16 21:59:38 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2014-02-16 21:58:52 | 000,000,913 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014-02-16 21:58:51 | 000,000,908 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014-02-16 21:58:41 | 000,000,879 | ---- | C] () -- C:\Users\Azuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2014-02-16 21:57:42 | 083,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr
[2014-02-16 20:48:27 | 3219,111,936 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-02-17 13:34:48 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014-02-17 13:30:35 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014-02-17 10:50:18 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\AVG2014
[2014-02-17 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Azuro\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

[/log]

 

[log]OTL Extras logfile created on: 2014-02-18 21:43:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\standard\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,30% Memory free
6,19 Gb Paging File | 5,13 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,81 Gb Total Space | 24,59 Gb Free Space | 49,36% Space Free | Partition Type: NTFS
Drive E: | 99,24 Gb Total Space | 87,21 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
 
Computer Name: AZURO-ZONE | User Name: Azuro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16062785-C998-489A-9C89-3A8BF4C86EC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{4AB9AAED-4905-47FC-A14E-89BEA45CFB67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{54A34155-4B2F-4F86-9C92-3CE35BB47B4B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{5C9B150F-643A-4470-8FBA-34E5EEB71336}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{6850025F-12F1-4E50-9012-C2911DA173DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{AC2681AC-1530-4E2A-9638-51472CBAE620}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{AF8E989B-FBF9-49B9-AB6C-F3DC383D7548}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{CA7950BC-4E07-4733-A75B-2FCC419E1E6C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{34371C5D-866E-462F-896A-BA75EC0EEDAE}" = AVG 2014
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C6CCDAE-C2BF-473B-BB1F-2D1DCC5B98A4}" = AVG 2014
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AVG" = AVG 2014
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"LManager" = Launch Manager
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 27.0.1 (x86 pl)" = Mozilla Firefox 27.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-02-17 10:23:05 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-17 12:26:04 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-17 13:08:02 | Computer Name = Azuro-zone | Source = Perflib | ID = 1008
Description =
 
Error - 2014-02-17 13:08:02 | Computer Name = Azuro-zone | Source = Perflib | ID = 1010
Description =
 
Error - 2014-02-17 17:46:24 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-18 05:31:47 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-18 16:28:38 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
Error - 2014-02-18 16:33:41 | Computer Name = Azuro-zone | Source = profsvc | ID = 1502
Description = System Windows nie może załadować profilu przechowywanego lokalnie.
 Możliwym powodem tego błędu jest brak wystarczających praw zabezpieczeń lub uszkodzony
 profil lokalny.      SZCZEGÓŁY - ?
 
Error - 2014-02-18 16:33:43 | Computer Name = Azuro-zone | Source = profsvc | ID = 1505
Description = System Windows nie może załadować profilu użytkownika, ale zalogował
 Cię używając domyślnego profilu systemowego.      SZCZEGÓŁ - ?
 
Error - 2014-02-18 16:43:37 | Computer Name = Azuro-zone | Source = WerSvc | ID = 5007
Description =
 
[ System Events ]
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 05:33:04 | Computer Name = Azuro-zone | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 2014-02-18 16:38:20 | Computer Name = Azuro-zone | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

[/log]

 

Vista has no service packs because I set it up from scratch two days ago after wiping the disk. I won't manage it today, but I'll install them tomorrow.

I suspect the "pests" come from the Firefox profile backups.

I also have a question about the latter, specifically about profiles.

While the browser is running, when I try to start the profile manager, another window of the active profile opens instead of the manager. Previously I could have two Firefox windows open, each with a different profile, and now that is not possible. Can anything be done about this?

Zayfi
comment

There are no pests. At least the logs don't show any.

Reset FF > from the Help menu > Troubleshooting Information > Reset Firefox

Until you install SP1 and SP2 and all the updates, strange things can happen. The system is currently rolled back to 2004. That's a different story.

azuro
comment

Patches installed; after the reset Firefox runs like a dream.

Many thanks for the help :hurra:
