Pogi utworzono 22 lutego 2014 utworzono 22 lutego 2014 (edytowane) Witam. Od kilku dni mam pewien problem. Co jakiś czas otwierają mi się nowe karty przeglądarki Google Chrome z reklamami co jest bardzo denerwujące. Od tego samego czasu internet zaczyna co jakiś czas przerywać. Czy wiecie jak usunąć wyskakujące reklamy oraz czy przerywanie internetu może być spowodowane wirusami na komputerze? Zrobiłem skanowanie OTL [spoiler]OTL logfile created on: 2014-02-22 14:39:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcin\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16518) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,21 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 48,21% Memory free 4,43 Gb Paging File | 2,87 Gb Available in Paging File | 64,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286,13 Gb Total Space | 250,46 Gb Free Space | 87,53% Space Free | Partition Type: NTFS Drive D: | 345,48 Gb Total Space | 304,88 Gb Free Space | 88,25% Space Free | Partition Type: NTFS Drive E: | 292,97 Gb Total Space | 287,99 Gb Free Space | 98,30% Space Free | Partition Type: NTFS Computer Name: MARCIN-KOMPUTER | User Name: Marcin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ========== PRC - [2014-02-22 14:33:11 | 000,493,568 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe PRC - [2014-02-22 14:30:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcin\Downloads\OTL.exe PRC - [2014-02-21 05:24:28 | 001,727,264 | ---- | M] () -- C:\Program Files\AdvanceMark\AdvanceMark.FirstRun.exe PRC - [2014-02-21 05:23:30 | 000,111,392 | ---- | M] () -- C:\Program Files\AdvanceMark\updateAdvanceMark.exe PRC - [2014-02-20 11:41:08 | 000,508,016 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginService\PluginService.exe PRC - [2014-02-20 02:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2014-02-14 11:43:47 | 003,835,392 | ---- | M] () -- C:\Users\Marcin\AppData\Local\Lollipop\Lollipop.exe PRC - [2014-01-17 23:54:12 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-10-23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013-10-23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2013-08-02 01:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2013-06-04 23:02:49 | 000,492,032 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2013-06-04 23:02:11 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2013-06-04 18:39:14 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-04-16 02:37:22 | 001,810,432 | ---- | M] (Ovislink Corp.) -- C:\Program Files\Ovislink\Common\AirLiveUI.exe PRC - [2009-12-15 22:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ovislink\Common\RaRegistry.exe========== Modules (No Company Name) ========== MOD - [2014-02-21 05:24:28 | 001,727,264 | ---- | M] () -- C:\Program Files\AdvanceMark\AdvanceMark.FirstRun.exe MOD - [2014-02-20 02:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll MOD - [2014-02-20 02:03:04 | 013,632,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll MOD - [2014-02-20 02:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll MOD - [2014-02-20 02:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\libglesv2.dll MOD - [2014-02-20 02:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\libegl.dll MOD - [2014-02-20 02:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll MOD - [2014-02-20 02:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll MOD - [2014-02-14 11:43:47 | 003,835,392 | ---- | M] () -- C:\Users\Marcin\AppData\Local\Lollipop\Lollipop.exe MOD - [2014-02-14 00:08:18 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\360603d8efa82557e7fce70287cb242e\WindowsFormsIntegration.ni.dll MOD - [2014-02-14 00:00:56 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll MOD - [2014-02-14 00:00:53 | 012,185,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\8dbb3695de029545879b6eae46335707\System.Web.ni.dll MOD - [2014-02-14 00:00:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9ec8060dd7bfb448f298dcd12d547062\System.Runtime.Remoting.ni.dll MOD - [2014-02-14 00:00:21 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll MOD - [2014-02-13 23:58:44 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\bcb9740a818749a54e8e76b201634a1f\System.Management.ni.dll MOD - [2014-02-13 21:05:59 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\880358291baf3043e07b2a7c2f401c85\PresentationFramework.ni.dll MOD - [2014-02-13 21:05:49 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\db591e35967527b7b864124303dea13a\PresentationCore.ni.dll MOD - [2014-02-13 21:05:48 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4bfb0decf7cfe076020f64ee6dd007cc\PresentationFramework.Aero.ni.dll MOD - [2014-02-13 21:05:47 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll MOD - [2014-02-13 21:05:45 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll MOD - [2014-02-13 21:05:43 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll MOD - [2014-02-13 21:05:41 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dc74ab189aa9b156581a7228866d3330\WindowsBase.ni.dll MOD - [2014-02-13 21:05:40 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll MOD - [2014-02-13 21:05:40 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll MOD - [2014-02-13 21:05:39 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll MOD - [2014-02-13 21:05:35 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll MOD - [2014-02-13 21:02:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\751b229fbd2d3f6f513ab1c94dad9220\System.Windows.Forms.ni.dll MOD - [2014-02-13 21:02:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\236414f8e3137dd32f350e41fbdfa2c8\System.Drawing.ni.dll MOD - [2014-02-13 21:02:14 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\aef3e3e63c8a2facdb5b12a0de76c3b9\System.Xml.ni.dll MOD - [2014-02-13 21:01:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8a9cfd6b821ec7ec605897b699b69f53\System.Configuration.ni.dll MOD - [2014-02-13 21:01:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4241d1ece5590df3a828c9739dc82bf2\System.ni.dll MOD - [2014-02-13 21:01:14 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll MOD - [2013-06-04 18:39:32 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2012-12-18 10:03:12 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-12-10 11:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files\Ovislink\Common\RaWLAPI.dll========== Services (SafeList) ========== SRV - [2014-02-22 14:33:11 | 000,493,568 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm) SRV - [2014-02-21 05:23:30 | 000,111,392 | ---- | M] () [Auto | Running] -- C:\Program Files\AdvanceMark\updateAdvanceMark.exe -- (Update AdvanceMark) SRV - [2014-02-20 23:19:42 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-02-20 11:41:08 | 000,508,016 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService) SRV - [2014-02-06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2014-01-17 20:17:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-10-23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013-06-04 23:02:11 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013-06-04 18:39:14 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011-08-30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2009-12-15 22:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ovislink\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2014-01-16 10:50:00 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2014-01-16 10:49:59 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2014-01-16 10:49:51 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2013-09-27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2013-06-05 00:08:39 | 010,289,664 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2013-06-04 22:34:09 | 000,485,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2013-05-06 10:45:30 | 000,019,536 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UsbCharger.sys -- (UsbCharger) DRV - [2013-04-24 17:31:04 | 000,079,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2013-02-26 15:35:20 | 000,179,296 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdxhc.sys -- (amdxhc) DRV - [2013-02-26 15:35:20 | 000,086,624 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdhub30.sys -- (amdhub30) DRV - [2013-02-19 12:18:56 | 000,018,512 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2012-10-18 15:04:12 | 001,570,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2012-10-11 21:49:06 | 000,070,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata) DRV - [2012-10-11 21:49:06 | 000,034,984 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata) DRV - [2012-08-28 13:27:24 | 000,045,736 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2012-04-09 10:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2) DRV - [2011-02-08 16:03:26 | 000,057,456 | ---- | M] (Giga-Byte Technology CO., LTD.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VirtDiskBus.sys -- (VirtDiskBus) DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)========== Standard Registry (All) ==================== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp.com/web/?type=ds&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp.com/web/?type=ds&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2014-02-17 21:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Extensions [2014-02-17 21:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2014-02-22 14:39:23 | 000,002,004 | ---- | M] () (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi========== Chrome ========== CHR - default_search_provider: awesomehp (Enabled) CHR - default_search_provider: search_url = http://www.awesomehp.com/web/?type=ds&ts=1393075936&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S&q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.awesomehp.com/?type=hp&ts=1393076011&from=sfpsnew2&uid=ST1000DM003-1CH162_Z1D7TJ9SXXXXZ1D7TJ9S CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\ CHR - Extension: Szukaj w Google = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\ CHR - Extension: Google Wallet = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Widget context = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0\ CHR - Extension: Gmail = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\ O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited) O2 - BHO: (AdvanceMark) - {4e65dc6b-0322-48fa-a6b3-fda44fbd34c2} - C:\Program Files\AdvanceMark\AdvanceMarkBHO.dll (AdvanceMark) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found O4 - HKCU..\Run: [lollipop] c:\users\marcin\appdata\local\lollipop\lollipop.exe () O4 - HKCU..\Run: [NextLive] C:\Users\Marcin\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe) O4 - HKCU..\Run: [Overwolf] C:\Program Files\Overwolf\Overwolf.exe -silent File not found O4 - Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.152.46.50 194.152.46.51 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CF1E78-7889-47BB-B527-BB0BE6380FDB}: DhcpNameServer = 194.152.46.50 194.152.46.51 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F115778B-DFE8-4581-975D-299A09EDF6AF}: DhcpNameServer = 194.152.46.50 194.152.46.51 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{23399fc4-7e24-11e3-9f5e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{23399fc4-7e24-11e3-9f5e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe O33 - MountPoints2\{9573ac45-7e9a-11e3-8783-74d43508b09b}\Shell - "" = AutoRun O33 - MountPoints2\{9573ac45-7e9a-11e3-8783-74d43508b09b}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ========== [2014-02-22 14:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService [2014-02-22 14:33:14 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\SupTab [2014-02-22 14:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab [2014-02-22 14:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM [2014-02-22 14:32:21 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\awesomehp [2014-02-22 14:31:11 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\SwvUpdater [2014-02-22 14:31:11 | 000,000,000 | ---D | C] -- C:\Users\Marcin\.android [2014-02-22 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\cache [2014-02-22 14:31:08 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\newnext.me [2014-02-22 14:31:08 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\genienext [2014-02-22 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\Mobogenie [2014-02-22 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Mobogenie [2014-02-22 14:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\AdvanceMark [2014-02-22 14:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie [2014-02-19 19:54:13 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Multibooki [2014-02-19 19:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multibooki NE [2014-02-19 19:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Multibooki NE [2014-02-19 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\YDP [2014-02-19 13:39:20 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\TP-LINK [2014-02-19 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK [2014-02-19 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\TP-LINK [2014-02-19 13:37:10 | 001,570,304 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athur.sys [2014-02-19 13:37:10 | 001,570,304 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athur.sys [2014-02-19 13:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK [2014-02-18 10:20:16 | 000,000,000 | R--D | C] -- C:\Users\Marcin\Documents\Scanned Documents [2014-02-18 10:20:16 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\Fax [2014-02-17 21:35:36 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Mozilla [2014-02-14 22:34:13 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Desktop\strings [2014-02-14 22:06:36 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\SpinTires [2014-02-14 11:49:23 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\Optimizer Pro [2014-02-14 11:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2014-02-14 11:44:18 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Math Problem Solver [2014-02-14 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Math Problem Solver [2014-02-14 11:43:47 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop [2014-02-14 11:43:47 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Lollipop [2014-02-13 21:06:05 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014-02-13 21:06:05 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014-02-13 21:06:05 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014-02-13 21:06:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014-02-13 21:06:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014-02-13 21:06:04 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014-02-13 21:06:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014-02-13 21:06:04 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014-02-13 21:06:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014-02-13 21:06:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014-02-13 21:06:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014-02-13 21:06:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014-02-13 21:06:03 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014-02-13 21:06:03 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014-02-13 21:06:02 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014-02-13 21:06:00 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014-02-13 14:09:39 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\efile [2014-02-13 14:09:39 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\com.efile.epity2013 [2014-02-13 09:37:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2014-02-13 09:35:53 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2014-02-13 09:35:53 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2014-02-13 09:35:39 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2014-02-13 09:35:39 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2014-02-13 09:35:39 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2014-02-13 09:35:39 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2014-02-13 09:35:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2014-02-13 09:35:39 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2014-02-13 09:35:39 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2014-02-13 09:35:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2014-02-13 09:35:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2014-02-12 18:04:07 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Desktop\xvm [2014-02-12 18:04:07 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Desktop\0.8.11 [2014-02-01 10:22:47 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\BANDISOFT [2014-02-01 10:22:44 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\Bandicam [2014-02-01 10:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam [2014-02-01 10:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1 [2014-01-30 11:49:24 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\Notesy programu OneNote [2014-01-30 11:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2014-01-30 11:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2014-01-28 19:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2014-01-28 19:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2014-01-28 19:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2014-01-28 18:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2014-01-28 18:53:46 | 000,031,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll [2014-01-28 18:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2014-01-28 18:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2014-01-28 18:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2014-01-28 18:52:17 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2014-01-28 18:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2014-01-28 18:51:03 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Microsoft Help [2014-01-28 18:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2014-01-28 18:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2014-01-28 18:50:41 | 000,000,000 | RH-D | C] -- C:\MSOCache [2014-01-28 18:45:49 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\WinRAR [2014-01-28 18:43:41 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2014-01-28 18:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2014-01-28 18:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2014-01-27 16:28:26 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Macromedia [2014-01-27 16:26:50 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014-01-27 16:26:50 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014-01-27 16:26:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2014-01-27 16:23:56 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Adobe [2014-01-27 16:21:55 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Grupa IMAGE [2014-01-27 16:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Grupa IMAGE [2014-01-27 16:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grupa IMAGE [2014-01-27 15:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Grupa Image [2014-01-24 10:05:47 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\WarThunder [2014-01-24 10:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder [2014-01-24 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder [2014-01-24 10:05:39 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\My Games [2014-01-24 10:05:25 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Programs [1 C:\Users\Marcin\Documents\*.tmp files -> C:\Users\Marcin\Documents\*.tmp -> ]========== Files - Modified Within 30 Days ========== [2014-02-22 14:33:32 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014-02-22 14:31:12 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2014-02-22 14:19:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-02-22 13:54:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-02-22 10:01:27 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-02-22 10:01:27 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-02-22 09:59:10 | 000,750,128 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2014-02-22 09:59:10 | 000,656,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014-02-22 09:59:10 | 000,158,620 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2014-02-22 09:59:10 | 000,124,930 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014-02-22 09:54:27 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-02-22 09:54:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-02-22 09:54:05 | 1782,931,456 | -HS- | M] () -- C:\hiberfil.sys [2014-02-20 23:39:12 | 000,983,691 | ---- | M] () -- C:\Users\Marcin\Desktop\20140220_2331_germany-E-75_33_fjord.wotreplay [2014-02-20 23:19:32 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014-02-20 23:19:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014-02-19 21:31:53 | 000,482,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014-02-19 19:52:13 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Multibooki NE.lnk [2014-02-19 13:39:07 | 000,002,249 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-02-19 13:39:07 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk [2014-02-18 10:09:56 | 000,110,898 | ---- | M] () -- C:\Users\Marcin\Desktop\plan zajec1.pdf [2014-02-18 10:09:04 | 000,116,821 | ---- | M] () -- C:\Users\Marcin\Desktop\plan zajec.pdf [2014-02-06 11:20:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014-02-06 11:19:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014-02-06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014-02-06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014-02-06 10:52:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014-02-06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014-02-06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014-02-06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014-02-06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014-02-06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014-02-06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014-02-06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014-02-06 10:25:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014-02-06 10:13:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014-02-06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014-02-06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014-02-01 10:22:41 | 000,000,709 | ---- | M] () -- C:\Users\Marcin\Desktop\Bandicam.lnk [2014-01-30 11:49:24 | 000,001,316 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2014-01-28 19:27:37 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2014-01-27 16:09:26 | 000,000,094 | ---- | M] () -- C:\Users\Marcin\Documents\PrawkoB2013P.ini [2014-01-27 16:04:18 | 000,000,857 | ---- | M] () -- C:\Users\Marcin\Desktop\Testy Bplus.lnk [2014-01-24 10:05:41 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\WarThunder.lnk [1 C:\Users\Marcin\Documents\*.tmp files -> C:\Users\Marcin\Documents\*.tmp -> ]========== Files Created - No Company Name ========== [2014-02-22 14:31:12 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job [2014-02-20 23:44:12 | 000,983,691 | ---- | C] () -- C:\Users\Marcin\Desktop\20140220_2331_germany-E-75_33_fjord.wotreplay [2014-02-19 19:52:13 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\Multibooki NE.lnk [2014-02-19 13:39:07 | 000,002,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-02-19 13:39:07 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk [2014-02-19 13:37:10 | 000,027,631 | ---- | C] () -- C:\Windows\System32\netathur.inf [2014-02-19 13:37:10 | 000,007,514 | ---- | C] () -- C:\Windows\System32\athurext.cat [2014-02-18 10:09:56 | 000,110,898 | ---- | C] () -- C:\Users\Marcin\Desktop\plan zajec1.pdf [2014-02-18 10:09:03 | 000,116,821 | ---- | C] () -- C:\Users\Marcin\Desktop\plan zajec.pdf [2014-02-01 10:22:41 | 000,000,709 | ---- | C] () -- C:\Users\Marcin\Desktop\Bandicam.lnk [2014-01-30 11:49:24 | 000,001,316 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2014-01-28 19:27:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2014-01-28 19:27:37 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2014-01-27 16:26:52 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-01-27 16:09:26 | 000,000,094 | ---- | C] () -- C:\Users\Marcin\Documents\PrawkoB2013P.ini [2014-01-27 16:04:18 | 000,000,857 | ---- | C] () -- C:\Users\Marcin\Desktop\Testy Bplus.lnk [2014-01-24 10:05:41 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\WarThunder.lnk [2014-01-16 22:53:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2014-01-16 22:52:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2014-01-16 10:03:41 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2014-01-16 10:03:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2014-01-16 09:53:25 | 000,620,273 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2014-01-16 09:53:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2014-01-16 09:50:31 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe [2014-01-16 09:50:31 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe [2014-01-16 09:50:31 | 000,232,372 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2014-01-16 09:50:31 | 000,230,192 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat [2014-01-16 09:50:31 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2014-01-16 09:50:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2014-01-16 09:50:31 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2014-01-16 09:50:31 | 000,078,928 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2014-01-16 09:50:31 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2014-01-16 09:42:49 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013-08-05 07:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2013-08-05 07:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2013-05-06 10:45:30 | 000,019,536 | ---- | C] () -- C:\Windows\System32\drivers\UsbCharger.sys [2013-03-18 15:09:26 | 000,007,680 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2013-02-19 12:18:56 | 000,018,512 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys [2012-10-12 20:57:39 | 000,662,785 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat========== ZeroAccess Check ========== [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > [/spoiler] [spoiler]OTL Extras logfile created on: 2014-02-22 14:39:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcin\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16518) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,21 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 48,21% Memory free 4,43 Gb Paging File | 2,87 Gb Available in Paging File | 64,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286,13 Gb Total Space | 250,46 Gb Free Space | 87,53% Space Free | Partition Type: NTFS Drive D: | 345,48 Gb Total Space | 304,88 Gb Free Space | 88,25% Space Free | Partition Type: NTFS Drive E: | 292,97 Gb Total Space | 287,99 Gb Free Space | 98,30% Space Free | Partition Type: NTFS Computer Name: MARCIN-KOMPUTER | User Name: Marcin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B7DBCE7-68C5-46C9-B00C-F83BD911543E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0C827103-88C2-4C4B-B982-68D1D50F7604}" = lport=10243 | protocol=6 | dir=in | app=system | "{0F9B4CC9-FACE-4508-9D98-ABEF4CAF5D04}" = rport=445 | protocol=6 | dir=out | app=system | "{10104139-55DC-405A-9EF0-C1A51381E7BE}" = lport=6881 | protocol=6 | dir=in | name=war thunder | "{32F0270C-C9B0-4398-9483-999D18A6F5F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{374E205A-2D1D-4CD2-928E-F3A2A1244C04}" = lport=138 | protocol=17 | dir=in | app=system | "{3A509548-FE95-4F20-AB9A-DADA810F50B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3E213D43-8C9A-4F12-88D1-AECB9E2188EB}" = rport=138 | protocol=17 | dir=out | app=system | "{43F7BE08-F368-451B-86B9-ADD7DE9EAA5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47D698BF-D464-4957-814A-2A6E0CC070EC}" = lport=8090 | protocol=6 | dir=in | name=war thunder | "{4E254F5E-1FA3-44E9-8190-F511D10EE78A}" = lport=443 | protocol=6 | dir=in | name=war thunder | "{50B5309D-6A77-4064-A129-8B79E4481298}" = lport=20443 | protocol=6 | dir=in | name=war thunder | "{5E5995C0-09B1-4C3C-A563-47BF042FD7B5}" = lport=139 | protocol=6 | dir=in | app=system | "{6275E6E0-8047-4E26-9DB3-51DFC0DA2CC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{660D8566-0643-4AE5-859E-A8D0CC4CE032}" = lport=2869 | protocol=6 | dir=in | app=system | "{6F35725F-6DE9-4537-81D2-2E18B4CC67F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6FE1F61A-8021-4C24-B52C-47B69CAABD01}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{701140B7-EF28-4359-8763-D00A2B77A0E3}" = lport=137 | protocol=17 | dir=in | app=system | "{70B69E92-9025-4F89-894E-A02FC95E1D47}" = rport=137 | protocol=17 | dir=out | app=system | "{7C1839E2-94B9-43F2-8A41-60DFFC6A534E}" = lport=3478 | protocol=17 | dir=in | name=war thunder | "{7E700B39-9CEE-4350-A5FC-7332E63C7F17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{89552DB1-EEEF-4E36-928D-3BF86BA0E45C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{899A3B51-31BC-47B7-911F-714F9A99EE78}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{96E836CB-70E6-4531-AE1F-DD10D14F2FDC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A14A186F-9F5C-4134-871D-9B768BC1B047}" = lport=33333 | protocol=6 | dir=in | name=war thunder | "{A6572BB4-9E49-4DEA-BFEF-1DE287D889BE}" = lport=80 | protocol=6 | dir=in | name=war thunder | "{A9A8BAAA-B842-4AA8-AD5C-FE63AE82A4BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B06FD1F3-92A7-4C5A-834F-4B842B78EDB7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B1913AA0-8B04-4BF0-AB18-CCACA8A06D4F}" = rport=10243 | protocol=6 | dir=out | app=system | "{B6F12555-FBA8-4DE6-8FEA-1B35C0ECB8F9}" = rport=139 | protocol=6 | dir=out | app=system | "{C74196AB-C3A3-46FF-B0B5-AED411FDAE90}" = lport=7853 | protocol=6 | dir=in | name=war thunder | "{D3EA3BCB-D479-4D0C-9390-704B0C506201}" = lport=7852 | protocol=6 | dir=in | name=war thunder | "{D4261AE9-898C-474E-8D07-FFED44473668}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D625F333-0692-480E-8C2E-BF6EBDDAE86C}" = lport=20010 | protocol=17 | dir=in | name=war thunder | "{EBB67D80-FD81-42F5-9DAF-0E8ADB0AB78A}" = lport=445 | protocol=6 | dir=in | app=system | "{F2B9DD1F-F6E4-4CE3-B37E-FFE51F2D034C}" = lport=7850 | protocol=6 | dir=in | name=war thunder | "{F4637470-4B82-4B0F-9B11-1032193610F2}" = lport=27022 | protocol=6 | dir=in | name=war thunder | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05322FA6-98A1-4455-AB3C-D212CF13454B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0E5235D7-C36D-4761-AB2D-B03D6FB0645D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1765FC08-213D-4B61-B2D2-02C9E63ECF9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{29886F66-DD04-486A-9A46-92788898EAB5}" = dir=in | app=c:\program files\raidxpert2\apache\bin\httpd.exe | "{2F6EE7A4-F6D5-4DE6-BB9E-E226CE8EEB03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{377A980D-759A-4F15-92A4-E6B8F5647F41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{44FB9F08-D181-4023-BD6C-5566619A1947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53BD88F5-E607-4E5D-906E-2FE492F7AD80}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{63C5111A-1B9D-44D1-A683-9FDDF9CCE281}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{673BC999-BE55-43EB-91FB-CE64FA002F37}" = protocol=6 | dir=in | app=d:\program files\warthunder\launcher.exe | "{71CA0DD0-612E-4B7B-B98C-5DD4EF974514}" = protocol=6 | dir=out | app=system | "{735EEF97-C864-4830-A28A-38F665E3E828}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79AAC2E0-4CAD-45ED-A7E2-C0D8D844063F}" = protocol=17 | dir=in | app=d:\program files\warthunder\launcher.exe | "{7F42C076-2816-4060-8662-D19D7552F83B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{85B60519-83E7-4321-9087-654BEE53AA14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{92EC8D53-089E-4B48-B796-9AFA3AFFD1B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{B76344C9-777F-4600-BFE6-02A8C38715A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C2A2BD87-5D43-4CBB-AEBA-09CAF5680730}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C3F47EFD-8AB3-44D2-BAE1-71E4583E0A8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E1118555-6B4B-492D-8B9F-E1FCE7149BCA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E8C1A8D3-9308-4F15-BAAC-081D20C3A6ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0459049-8926-4437-96C9-28CC8BE12BA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FBF68B13-2310-473E-B66B-233B4C12DEC8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{44DCDD0E-5C0C-4CA0-8D53-B46FE2947872}C:\users\marcin\downloads\stbuild120713dev\spintires.exe" = protocol=6 | dir=in | app=c:\users\marcin\downloads\stbuild120713dev\spintires.exe | "TCP Query User{5299755B-052A-40DB-B283-5A643261FC0D}D:\program files\warthunder\aces.exe" = protocol=6 | dir=in | app=d:\program files\warthunder\aces.exe | "TCP Query User{7ACBC6D2-DC02-4F9E-B67F-C60A8D403273}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{88483C67-FE1E-412D-AF42-DEEC21E85D92}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{F2DDDB06-CFCF-404A-B5DB-B73549747D0C}C:\users\marcin\desktop\stbuild120713dev\spintires.exe" = protocol=6 | dir=in | app=c:\users\marcin\desktop\stbuild120713dev\spintires.exe | "UDP Query User{30FEE848-608C-4E5A-800A-7C365154BDC4}C:\users\marcin\downloads\stbuild120713dev\spintires.exe" = protocol=17 | dir=in | app=c:\users\marcin\downloads\stbuild120713dev\spintires.exe | "UDP Query User{456900A5-3680-4685-B6EC-B617E970417B}D:\program files\warthunder\aces.exe" = protocol=17 | dir=in | app=d:\program files\warthunder\aces.exe | "UDP Query User{4B116E70-C7C8-45E0-B916-9D4FD008EE78}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{9310ECAE-4DBF-4DDC-8055-6219E3D291DB}C:\users\marcin\desktop\stbuild120713dev\spintires.exe" = protocol=17 | dir=in | app=c:\users\marcin\desktop\stbuild120713dev\spintires.exe | "UDP Query User{D6923D0E-55C9-469E-8025-3A4BB1B75D1F}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client "{0E23D4F4-8331-4B33-AE44-E6EDD0D25107}" = AMD Steady Video Plug-In "{14CBD36D-575A-7DE1-2111-4AB50D3AD177}" = CCC Help Chinese Traditional "{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}" = 3TB+Unlock B12.1102.1 "{1969A1C3-089F-2E5E-52E0-36444DC13FA7}" = CCC Help Finnish "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{293BA401-1269-2D02-6197-1E6C9E828FFE}" = CCC Help Swedish "{2A425B0A-FF18-6E87-022D-4D4B51B8E7D6}" = Catalyst Control Center InstallProxy "{2DB31D30-A89B-061F-6E53-FAE9FA7A8ACE}" = CCC Help Czech "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{313BBD28-8DA1-71B6-ACD0-65C3FBE997F5}" = ccc-utility "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility "{37409122-9D6B-F045-CDF3-63784BCDE583}" = CCC Help German "{379721B3-19A0-7ACF-9B63-7149DAE83CDE}" = CCC Help Spanish "{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TP-LINK 150Mbps Wireless N USB Adapter Driver "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{440F535F-931C-C351-DD05-3A920CC56953}" = CCC Help Dutch "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.0814.1 "{487BC030-EAB0-96F1-C87B-40FA2FAA7BD9}" = CCC Help Chinese Standard "{48FC6D91-6863-3CBD-F20A-29079C983117}" = CCC Help Italian "{4A5E000D-411B-354F-0DD2-253AE916194A}" = Catalyst Control Center Localization All "{4E7B35BE-BC3F-3D65-178B-ACE3C55FE2E3}" = CCC Help French "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{51E3DD84-27D9-C6A5-7864-B6896168A760}" = CCC Help Greek "{53D33AC4-4427-5D7B-F320-43D042CCE0A4}" = CCC Help English "{54FEB786-F175-C50B-D920-2D7C08FC8ACC}" = CCC Help Russian "{568E5F0A-1EE5-1B5E-0E0F-6193A2C13D60}" = AMD Accelerated Video Transcoding "{6274F221-4B87-A158-E079-58A1307157B7}" = CCC Help Hungarian "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65F489A9-79BF-995F-A3AA-A6C6EAD2DC67}" = CCC Help Turkish "{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.0524.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7942E29D-ED31-C0B0-D470-447A25CE3B80}" = CCC Help Danish "{81999787-A518-4218-86D5-C5D25E6808F5}_is1" = Testy Bplus 5.1.3.57 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{972C7396-2FE7-29CB-BEE5-9AD7DA128D24}" = CCC Help Japanese "{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3B3060D-1052-477C-06F9-CCBA9370A00A}" = CCC Help Polish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Polish "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B563907E-389A-1F19-E9A3-0B723F9D18CF}" = AMD Catalyst Install Manager "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1 "{DB2192A7-6A58-494E-9F32-2F121BA17573}" = Multibooki NE "{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.302 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F28B9ED4-69AC-FF0E-D220-9808911EDE7D}" = CCC Help Portuguese "{F662DAFE-316A-2E74-1E54-3DCB59A11B89}" = CCC Help Thai "{F6945170-2957-0EBF-5B64-9D5C8A1EC49E}" = AMD Catalyst Control Center "{F8452E50-CF59-4ECD-7783-F67A9F9CEDCA}" = CCC Help Norwegian "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = AirLive Turbo-G Wireless "{FB006E40-7CB1-6254-E0AD-24C1A94135E0}" = CCC Help Korean "{FDA4D0D4-F3B2-B403-FE27-F1CF89D0A3A5}" = AMD Fuel "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX "AdvanceMark" = AdvanceMark "awesomehp uninstaller" = awesomehp uninstaller "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "ENTERPRISE" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "IePlugins" = IePluginService12.27.0.3326 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.0814.1 "InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.0524.1 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "SupTab" = SupTab "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 5.01 (32-bit) "WPM" = WPM17.8.0.3325 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "lollipop" = Lollipop "Math Problem Solver" = Math Problem Solver [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-02-15 07:31:27 | Computer Name = Marcin-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2014-02-16 08:07:40 | Computer Name = Marcin-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: e-pity 2013.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x510d8b61 Nazwa modułu powodującego błąd: Adobe AIR.dll, wersja: 3.6.0.5970, sygnatura czasowa: 0x510d8be7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001cf716 Identyfikator procesu powodującego błąd: 0x11f0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cf2b0815152121 Ścieżka aplikacji powodującej błąd: C:\Program Files\e-file\e-pity2013\e-pity 2013.exe Ścieżka modułu powodującego błąd: C:\Program Files\e-file\e-pity2013\Adobe AIR\Versions\1.0\Adobe AIR.dll Identyfikator raportu: ee4826fb-9702-11e3-8857-74d43508b09b Error - 2014-02-16 11:08:58 | Computer Name = Marcin-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2014-02-17 10:32:13 | Computer Name = Marcin-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: SpinTires.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x51e01aca Nazwa modułu powodującego błąd: SpinTires.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x51e01aca Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0060146d Identyfikator procesu powodującego błąd: 0x1244 Godzina uruchomienia aplikacji powodującej błąd: 0x01cf2bebf515da30 Ścieżka aplikacji powodującej błąd: C:\Users\Marcin\Downloads\STBuild120713Dev\SpinTires.exe Ścieżka modułu powodującego błąd: C:\Users\Marcin\Downloads\STBuild120713Dev\SpinTires.exe Identyfikator raportu: 4a2281e2-97e0-11e3-a718-74d43508b09b Error - 2014-02-18 06:11:47 | Computer Name = Marcin-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2014-02-19 07:39:36 | Computer Name = Marcin-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2014-02-19 08:36:47 | Computer Name = Marcin-Komputer | Source = VSS | ID = 8194 Description = Error - 2014-02-20 07:36:26 | Computer Name = Marcin-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2014-02-21 06:16:09 | Computer Name = Marcin-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2014-02-22 09:30:28 | Computer Name = Marcin-Komputer | Source = VSS | ID = 8194 Description = [ System Events ] Error - 2014-02-20 15:28:08 | Computer Name = Marcin-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: UsbCharger Error - 2014-02-20 15:28:11 | Computer Name = Marcin-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\athExt.dll Kod błędu: 126 Error - 2014-02-20 17:01:06 | Computer Name = Marcin-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\athExt.dll Kod błędu: 126 Error - 2014-02-20 17:01:09 | Computer Name = Marcin-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: UsbCharger Error - 2014-02-21 05:09:22 | Computer Name = Marcin-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\athExt.dll Kod błędu: 126 Error - 2014-02-21 05:09:27 | Computer Name = Marcin-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: UsbCharger Error - 2014-02-21 06:30:03 | Computer Name = Marcin-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się. Ścieżka modułu: C:\Windows\system32\athExt.dll Kod błędu: 126 Error - 2014-02-21 20:17:08 | Computer Name = Marcin-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: UsbCharger Error - 2014-02-22 04:54:24 | Computer Name = Marcin-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: UsbCharger Error - 2014-02-22 09:31:06 | Computer Name = Marcin-Komputer | Source = Service Control Manager | ID = 7030 Description = Usługa MgAssist Service jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. < End of report >[/spoiler]
cinomatic komentarz 22 lutego 2014 komentarz 22 lutego 2014 Malwarebytes Anti-Malware Ściągnij i przeskanuj. Usuń wszystkie co znajdzie.
fatymid komentarz 22 lutego 2014 komentarz 22 lutego 2014 (edytowane) Zawsze możesz przeskanować komputer, jeśli sądzisz, że to wirus. Prponuję skan MBAM EDIT: kolega powyżej mnie ubiegł :)
Natsuki Kuga komentarz 22 lutego 2014 komentarz 22 lutego 2014 1. Odinstaluj poprzez Dodaj/usuń programy: AdvanceMark, awesomehp uninstaller, IePluginService12.27.0.3326, SupTab, WPM17.8.0.3325, Lollipop2. Sprawdź w przeglądarkach, czy posiadasz wymienione dodatki, jeśli są, odinstaluj: awesomehp, AdvanceMark, SupTab3. Wykonaj ten skrypt w OTL (instrukcja: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ): :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp...J9SXXXXZ1D7TJ9S IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp...q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp...J9SXXXXZ1D7TJ9S IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp...q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp...J9SXXXXZ1D7TJ9S IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp...J9SXXXXZ1D7TJ9S IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp...q={searchTerms} CHR - default_search_provider: awesomehp (Enabled) CHR - default_search_provider: search_url = http://www.awesomehp...q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.awesomehp...J9SXXXXZ1D7TJ9S O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited) O2 - BHO: (AdvanceMark) - {4e65dc6b-0322-48fa-a6b3-fda44fbd34c2} - C:\Program Files\AdvanceMark\AdvanceMarkBHO.dll (AdvanceMark) O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found O4 - HKCU..\Run: [lollipop] c:\users\marcin\appdata\local\lollipop\lollipop.exe () O4 - HKCU..\Run: [NextLive] C:\Users\Marcin\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe) :Files C:\Program Files\AdvanceMark C:\ProgramData\IePluginService C:\Users\Marcin\AppData\Local\Lollipop C:\ProgramData\WPM C:\Program Files\SupTab C:\Program Files\Mobogenie C:\Users\Marcin\AppData\Roaming\newnext.me C:\Program Files\LiveSupport C:\Users\Marcin\AppData\Roaming\awesomehp C:\Users\Marcin\.android C:\Users\Marcin\AppData\Local\cache C:\Users\Marcin\AppData\Local\genienext C:\Users\Marcin\Documents\Mobogenie C:\Users\Marcin\AppData\Local\Mobogenie C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop C:\Windows\tasks\AmiUpdXp.job :Services Wpm Update AdvanceMark Pokaż raport.4. Użyj AdwCleaner z opcji Usuń. Pokaż raport.5. Pokaż nowe logi z OTL + log z Gmer.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.