czeski, posted 16 July 2015 (edited)

Hello, I have the following problem: after launching Windows Defender, a message appears in red saying that the application has been stopped. After choosing the "start now" option, nothing changes. Meanwhile, when I launch Malwarebytes, the application does not start. I suspect that some virus/worm has crept in that I cannot get rid of, and I am asking for help. Below I am posting the necessary logs:

OTL
[log]OTL logfile created on: 2015-07-16 11:14:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karolina\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
7,91 Gb Total Physical Memory | 5,42 Gb Available Physical Memory | 68,55% Memory free
15,91 Gb Paging File | 13,19 Gb Available in Paging File | 82,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,46 Gb Total Space | 849,16 Gb Free Space | 92,15% Space Free | Partition Type: NTFS
Drive X: | 750,00 Mb Total Space | 317,34 Mb Free Space | 42,31% Space Free | Partition Type: NTFS
Drive Y: | 8,66 Gb Total Space | 0,72 Gb Free Space | 8,30% Space Free | Partition Type: NTFS
Computer Name: KOMPUTRON | User Name: Karolina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015-07-16 11:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karolina\Desktop\OTL.exe
PRC - [2015-07-13 23:55:16 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015-06-26 20:31:18 | 043,871,968 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2015-06-23 19:50:31 | 101,331,584 | ---- | M] (Microsoft Corporation) -- C:\Users\Karolina\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe PRC - [2015-06-22 16:43:05 | 000,134,512 | ---- | M] (Dropbox, Inc.) -- C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe PRC - [2015-06-09 15:13:52 | 000,237,272 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Update\DellUpService.exe PRC - [2015-06-09 15:11:24 | 000,707,800 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Update\DellUpTray.exe PRC - [2015-05-14 11:54:32 | 000,532,168 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe PRC - [2015-05-14 11:54:26 | 000,422,600 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2015-05-08 02:36:28 | 002,685,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2015-05-08 02:36:25 | 001,884,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2015-04-09 08:38:26 | 000,145,288 | ---- | M] (Dell Inc.) 
-- C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe PRC - [2015-03-04 02:22:23 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe PRC - [2015-03-04 02:21:15 | 000,418,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2015-02-12 08:35:30 | 002,005,392 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe PRC - [2015-01-23 20:24:26 | 004,191,632 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE PRC - [2015-01-23 20:24:14 | 000,514,960 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE PRC - [2014-09-03 12:03:34 | 000,405,976 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2014-09-03 12:03:32 | 000,154,584 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2013-03-05 05:43:20 | 000,110,144 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe ========== Modules (No Company Name) ========== MOD - [2015-07-16 10:58:39 | 000,043,008 | ---- | M] () -- c:\users\karolina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuylj5s.dll MOD - [2015-07-13 23:55:14 | 001,281,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll MOD - [2015-07-13 23:55:13 | 000,080,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll MOD - [2015-06-18 09:48:17 | 001,070,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\3d476a44c20ddf99250f3ade1b0da1da\System.ServiceModel.Web.ni.dll MOD - [2015-06-18 09:48:15 | 000,188,416 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll MOD - [2015-06-18 09:47:11 | 002,964,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fc3b086418e8d8807cfb6b88ccae1c64\System.IdentityModel.ni.dll MOD - [2015-06-18 09:47:00 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll MOD - [2015-06-18 09:46:59 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll MOD - [2015-06-07 16:04:06 | 000,392,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f6f03dc1ce4a8de5d3700681c2f0bd24\System.Xml.Linq.ni.dll MOD - [2015-06-07 16:04:05 | 007,785,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll MOD - [2015-06-07 16:04:01 | 001,874,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll MOD - [2015-06-07 16:03:59 | 012,898,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\592a40dd076e6e46b4a8bc95bb64b2e8\System.Windows.Forms.ni.dll MOD - [2015-06-07 16:03:52 | 000,219,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f71ad45b67451bf027520e4e264c1f94\System.ServiceProcess.ni.dll MOD - [2015-06-07 16:03:51 | 019,567,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\662aae610c401a254416904a4861b189\System.ServiceModel.ni.dll MOD - [2015-06-07 16:03:36 | 002,803,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll MOD - [2015-06-07 16:03:33 | 000,522,752 | 
---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\4349c34e308ffad31ad802803f21ef9b\System.Net.Http.ni.dll MOD - [2015-06-07 16:03:32 | 001,169,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\8843bc51abc35b8247ffb506ef61d954\System.Management.ni.dll MOD - [2015-06-07 16:03:31 | 001,635,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll MOD - [2015-06-07 16:03:24 | 000,968,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\814dd462b742d7c16c620e79397b2463\System.Configuration.ni.dll MOD - [2015-06-07 16:03:23 | 000,463,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll MOD - [2015-06-07 16:03:18 | 018,744,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\ec27e642d9ec3d9dfde1ece6c9b12426\PresentationFramework.ni.dll MOD - [2015-06-07 16:03:04 | 011,027,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\41d56a9ca758109d5fe17cffba55346e\PresentationCore.ni.dll MOD - [2015-06-07 16:02:57 | 003,957,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\eae66374b80515eff6a84e373b9e036e\WindowsBase.ni.dll MOD - [2015-06-07 16:02:51 | 006,951,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\67bdc09fa286920c1f42f2a98c400f95\System.Core.ni.dll MOD - [2015-06-07 16:02:45 | 010,030,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll MOD - [2015-05-14 11:54:26 | 000,422,600 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe MOD - [2015-05-08 02:36:28 | 000,011,920 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update 
Core\detoured.dll MOD - [2015-03-19 09:15:28 | 000,865,280 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll MOD - [2015-03-19 09:15:28 | 000,750,080 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\libGLESv2.dll MOD - [2015-03-19 09:15:28 | 000,726,016 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll MOD - [2015-03-19 09:15:28 | 000,200,704 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll MOD - [2015-03-19 09:15:28 | 000,047,616 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\libEGL.dll MOD - [2015-03-19 09:15:28 | 000,010,240 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll MOD - [2015-03-19 09:15:28 | 000,010,240 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll MOD - [2015-02-09 17:14:56 | 001,905,904 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll MOD - [2014-03-18 12:01:56 | 017,395,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll MOD - [2014-02-18 20:12:14 | 000,117,568 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll MOD - [2013-03-05 12:41:36 | 000,015,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2013-03-05 05:40:16 | 000,626,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012-11-26 00:19:20 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2015-05-25 15:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2015-05-08 02:36:24 | 
001,152,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService) SRV:64bit: - [2015-05-08 02:36:23 | 022,997,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:64bit: - [2015-05-05 14:31:52 | 000,092,528 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe -- (Dell Foundation Services) SRV:64bit: - [2015-03-04 02:22:33 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2015-03-04 02:22:06 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:64bit: - [2015-03-04 02:21:54 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:64bit: - [2015-03-04 02:21:00 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:64bit: - [2015-03-04 02:20:56 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2015-03-04 02:20:55 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2015-03-04 02:20:50 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2015-03-04 02:20:49 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2015-03-04 02:20:47 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - 
[2015-03-04 02:20:38 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2015-03-04 02:20:38 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2015-03-04 02:20:38 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:64bit: - [2015-03-04 02:20:37 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2015-03-04 02:20:35 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc) SRV:64bit: - [2015-03-04 02:20:35 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2015-03-04 02:20:35 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:64bit: - [2015-03-04 02:20:32 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2015-03-04 02:20:31 | 000,407,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2015-03-04 02:20:31 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2015-03-04 02:20:31 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2015-03-04 02:20:26 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2015-03-04 02:20:26 | 000,121,856 | ---- | 
M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2015-03-04 02:20:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2015-03-04 02:20:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:64bit: - [2015-03-04 02:20:23 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:64bit: - [2015-03-04 02:20:20 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2015-03-04 02:20:20 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2015-03-04 02:20:20 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2015-03-04 02:20:20 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2015-03-04 02:20:20 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2015-03-04 02:20:20 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2015-03-04 02:20:20 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:64bit: - [2015-03-04 02:20:09 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2015-03-04 02:20:09 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - 
[2015-03-04 02:20:06 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv) SRV:64bit: - [2015-02-26 18:02:04 | 002,557,136 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DellDataVault\DellDataVault.exe -- (DellDataVault) SRV:64bit: - [2015-02-21 01:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2015-02-04 01:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc) SRV:64bit: - [2015-02-04 01:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2014-12-25 00:27:12 | 000,094,160 | ---- | M] () [Auto | Running] -- C:\Program Files\TrueColor\TrueColorALS.exe -- (TrueColorALS) SRV:64bit: - [2014-12-06 03:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2014-11-13 12:05:26 | 000,045,936 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\Dell Data Services\DDSSvc.exe -- (Dell Data Services) SRV:64bit: - [2014-09-08 22:40:30 | 000,325,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0) SRV:64bit: - [2014-05-13 15:31:14 | 000,887,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:64bit: - [2014-01-08 23:12:46 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV:64bit: - [2013-08-22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - 
[2009-11-18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2015-06-24 04:08:12 | 000,125,112 | ---- | M] (XTab system) [Auto | Stopped] -- C:\Program Files (x86)\MiuiTab\ProtectService.exe -- (IHProtect Service) SRV - [2015-06-23 19:50:31 | 101,331,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Users\Karolina\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe -- (VSSS) SRV - [2015-06-11 13:15:34 | 000,020,648 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe -- (SupportAssistAgent) SRV - [2015-06-09 15:13:52 | 000,237,272 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Update\DellUpService.exe -- (DellUpdate) SRV - [2015-05-08 02:36:25 | 001,884,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2015-04-09 08:38:26 | 000,145,288 | ---- | M] (Dell Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe -- (Dell Customer Connect) SRV - [2015-03-04 02:21:24 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2015-03-04 02:20:09 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2015-03-04 02:20:09 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2015-02-12 08:35:30 | 002,005,392 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe -- (SftService) SRV - [2014-09-08 22:40:26 | 000,279,144 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2014-09-03 12:03:34 | 000,405,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2014-09-03 12:03:32 | 000,154,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2014-06-18 04:14:34 | 000,322,176 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2014-04-01 13:20:36 | 000,293,440 | ---- | M] (Aviata, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe -- (DellProdRegManager) SRV - [2013-08-22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | Disabled | Running] -- C:\Program Files\kprocesshacker.sys -- (KProcessHacker2) DRV:64bit: - [2015-05-08 02:36:23 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms) DRV:64bit: - [2015-04-16 08:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2015-03-20 03:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:64bit: - [2015-03-17 19:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2015-03-13 06:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2015-03-09 04:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2015-03-04 12:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:64bit: - [2015-03-04 02:22:47 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2015-03-04 02:22:46 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:64bit: - [2015-03-04 02:22:45 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:64bit: - [2015-03-04 02:22:44 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:64bit: - [2015-03-04 02:22:11 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2015-03-04 02:22:07 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2015-03-04 02:20:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2015-03-04 02:20:47 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2015-03-04 02:20:46 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS) DRV:64bit: - [2015-03-04 02:20:46 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2015-03-04 02:20:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2015-03-04 02:20:06 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2015-03-04 02:20:06 | 000,189,248 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2015-03-04 02:20:06 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:64bit: - [2015-03-04 02:19:58 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2015-03-04 02:19:46 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof) DRV:64bit: - [2015-02-26 18:00:46 | 000,023,760 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys -- (DDDriver) DRV:64bit: - [2015-02-26 18:00:46 | 000,023,312 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellProf.sys -- (DellProf) DRV:64bit: - [2015-02-04 01:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2015-02-04 01:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:64bit: - [2015-02-04 01:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2014-11-22 12:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2014-09-12 03:15:20 | 000,453,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2014-09-08 22:39:26 | 004,716,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2014-09-03 21:03:32 | 000,126,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:64bit: - [2014-08-30 00:14:47 | 000,027,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2014-08-30 00:14:46 | 000,038,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2014-07-19 00:31:08 | 000,874,712 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2014-06-18 03:50:14 | 000,599,752 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2014-06-18 03:50:14 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2014-06-18 03:50:14 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2014-06-18 03:50:14 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2014-06-18 03:50:14 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2014-06-18 03:50:14 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2014-06-18 03:50:14 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2014-06-18 03:50:14 | 000,035,016 | ---- | M] 
(Qualcomm Atheros) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2014-06-11 16:40:22 | 000,143,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iaLPSS_UART2.sys -- (iaLPSS_UART2) DRV:64bit: - [2014-06-11 16:40:22 | 000,120,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iaLPSS_I2C.sys -- (iaLPSS_I2C) DRV:64bit: - [2014-06-11 16:40:22 | 000,100,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS_SPI.sys -- (iaLPSS_SPI) DRV:64bit: - [2014-06-11 16:40:22 | 000,035,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iaLPSS_GPIO.sys -- (iaLPSS_GPIO) DRV:64bit: - [2014-06-07 17:20:34 | 000,670,056 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2014-06-06 21:23:54 | 003,901,952 | ---- | M] (Qualcomm Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr) DRV:64bit: - [2014-05-22 21:21:30 | 000,549,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2014-05-22 21:21:30 | 000,042,736 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynRMIHID.sys -- (SynRMIHID) DRV:64bit: - [2014-03-18 12:01:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:64bit: - [2014-03-18 12:00:59 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2014-03-18 12:00:57 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2014-03-18 12:00:57 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2014-03-18 12:00:57 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:64bit: - [2014-03-18 12:00:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2014-03-18 11:27:51 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2013-11-02 01:40:22 | 000,330,456 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2013-08-22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:64bit: - [2013-08-22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2013-08-22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2013-08-22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2013-08-22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2013-08-22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013-08-22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2013-08-22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2013-08-22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2013-08-22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2013-08-22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3) DRV:64bit: - [2013-08-22 14:43:41 | 000,782,176 | ---- | M] 
(PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:64bit: - [2013-08-22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2013-08-22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2013-08-22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:64bit: - [2013-08-22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2013-08-22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2013-08-22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2013-08-22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2013-08-22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2013-08-22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2013-08-22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2013-08-22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:64bit: - [2013-08-22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2013-08-22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2013-08-22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:64bit: - [2013-08-22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2013-08-22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2013-08-22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2013-08-22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2013-08-22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2013-08-22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2013-08-22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) 
DRV:64bit: - [2013-08-22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2013-08-22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2013-08-22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2013-08-22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2013-08-22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2013-08-22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013-08-22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2013-08-22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2013-08-22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc) DRV:64bit: - [2013-08-22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:64bit: - [2013-08-22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2013-08-13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:64bit: - [2013-08-10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:64bit: - [2013-07-30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:64bit: - [2013-07-25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:64bit: - [2013-03-05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2013-01-25 04:12:08 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn) DRV:64bit: - [2012-09-03 17:28:04 | 000,037,888 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (facap) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{94DF3D03-1046-4EE7-A6C6-D3B3F6CEEA8A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{94DF3D03-1046-4EE7-A6C6-D3B3F6CEEA8A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = 
http://www.istartsurf.com/web/?type=dspp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\..\SearchScopes\{94DF3D03-1046-4EE7-A6C6-D3B3F6CEEA8A}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} IE - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - Extension: No name found = C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.1_0\ CHR - Extension: No name found = C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\elgfababjopgjalkgbfndlempbfdiecf\2_0\ CHR - Extension: No name found = C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\ O1 HOSTS File: ([2013-08-22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (LuckyTab Class) - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll (Thinknice Co. Limited) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [TrueColor UI] File not found O4:64bit: - HKLM..\Run: [WavesSvc] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe (Waves Audio Ltd.) O4 - HKU\S-1-5-21-1210184927-2387741948-3987209327-1001..\Run: [Dropbox Update] C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c.lnk = C:\Users\Karolina\AppData\Roaming\obxrldkzkm.exe () O4 - Startup: C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Karolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Atheros Communications) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1391BBC8-CBEF-4DA8-916F-846D8B27A797}: DhcpNameServer = 192.168.1.211 192.168.1.212 212.87.14.39 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CE4EEB-F145-4324-9DBE-E09AEFE4682B}: DhcpNameServer = 62.179.1.63 62.179.1.62 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015-07-16 11:18:52 | 002,133,504 | ---- | C] (Farbar) -- C:\Users\Karolina\Desktop\FRST64.exe [2015-07-16 11:12:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karolina\Desktop\OTL.exe [2015-07-16 11:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2015-07-16 11:01:56 | 002,870,984 | ---- | C] (ESET) -- C:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe [2015-07-16 10:58:44 | 000,000,000 | R--D | C] -- C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2015-07-16 10:45:09 | 000,000,000 | ---D | C] -- C:\Users\Karolina\AppData\Roaming\JPEGCompress [2015-07-16 10:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\IHProtectUpDate [2015-07-16 10:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiuiTab [2015-07-16 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2015-07-16 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Karolina\AppData\Roaming\IrfanView [2015-07-16 10:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2015-07-12 09:49:49 | 000,000,000 | ---D | C] -- C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2015-07-12 09:46:28 | 001,415,680 | ---- | C] (wj32) -- C:\Program Files\VU1XN3W9.exe [2015-07-09 12:58:42 | 001,415,680 | ---- | C] (wj32) -- C:\Program 
Files\Y0CKPR5C.exe [2015-07-09 11:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Update [2015-07-08 12:32:52 | 001,415,680 | ---- | C] (wj32) -- C:\Program Files\D0D6GFEF.exe [2015-07-05 18:08:30 | 001,415,680 | ---- | C] (wj32) -- C:\Program Files\KXTP876D.exe [2015-07-04 23:17:46 | 001,415,680 | ---- | C] (wj32) -- C:\Program Files\EDWYXGLA.exe [2015-06-26 08:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows [2015-06-26 08:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center [2015-06-23 20:02:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2015-06-23 19:50:47 | 001,415,680 | ---- | C] (wj32) -- C:\Program Files\10ZYX94C.exe [2015-06-22 16:43:07 | 000,000,000 | ---D | C] -- C:\Users\Karolina\AppData\Local\Dropbox [2015-06-22 16:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Dropbox [2015-06-21 20:26:50 | 000,000,000 | ---D | C] -- C:\Users\Karolina\Desktop\FFT_TTX [2015-06-20 10:11:54 | 000,000,000 | ---D | C] -- C:\Users\Karolina\AppData\Local\CrashDumps ========== Files - Modified Within 30 Days ========== [2015-07-16 11:18:54 | 002,133,504 | ---- | M] (Farbar) -- C:\Users\Karolina\Desktop\FRST64.exe [2015-07-16 11:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karolina\Desktop\OTL.exe [2015-07-16 11:04:06 | 001,825,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015-07-16 11:04:06 | 000,807,160 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2015-07-16 11:04:06 | 000,722,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015-07-16 11:04:06 | 000,163,478 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2015-07-16 11:04:06 | 000,135,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015-07-16 11:02:00 | 002,870,984 | ---- | M] (ESET) -- C:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe [2015-07-16 10:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015-07-16 10:58:28 | 000,001,072 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015-07-16 10:56:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2015-07-16 10:56:25 | 2502,733,823 | -HS- | M] () -- C:\hiberfil.sys [2015-07-16 10:48:00 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001UA.job [2015-07-16 10:47:43 | 000,492,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2015-07-16 10:46:20 | 000,245,373 | ---- | M] () -- C:\Users\Karolina\Desktop\new_P1170098 (2).jpg [2015-07-16 10:42:21 | 001,122,679 | ---- | M] () -- C:\Users\Karolina\Desktop\JPEGCompress(13173)-dp.jse [2015-07-16 10:39:56 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015-07-16 10:36:50 | 000,001,908 | ---- | M] () -- C:\Users\Karolina\Desktop\IrfanView Thumbnails.lnk [2015-07-16 10:36:50 | 000,001,016 | ---- | M] () -- C:\Users\Karolina\Desktop\IrfanView.lnk [2015-07-16 10:35:49 | 000,801,830 | ---- | M] () -- C:\Users\Karolina\Desktop\P1170098 (2).JPG [2015-07-16 10:30:50 | 002,336,953 | ---- | M] () -- C:\Users\Karolina\Desktop\P1170098.JPG [2015-07-12 09:50:10 | 000,001,158 | ---- | M] () -- C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-12 09:46:28 | 001,415,680 | ---- | M] (wj32) -- C:\Program Files\VU1XN3W9.exe [2015-07-11 16:48:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001Core.job [2015-07-09 12:58:42 | 001,415,680 | ---- | M] (wj32) -- C:\Program Files\Y0CKPR5C.exe [2015-07-08 12:32:54 | 001,415,680 | ---- | M] (wj32) -- C:\Program Files\D0D6GFEF.exe [2015-07-05 18:08:30 | 001,415,680 | ---- | M] (wj32) -- C:\Program Files\KXTP876D.exe [2015-07-04 23:17:46 | 001,415,680 | ---- | M] (wj32) -- C:\Program Files\EDWYXGLA.exe [2015-07-03 13:20:15 | 001,086,307 | ---- | M] () -- C:\Users\Karolina\Desktop\The Sims 3 Demo.jse [2015-06-23 19:54:47 | 001,415,680 | ---- | M] (wj32) -- 
C:\Program Files\10ZYX94C.exe [2015-06-22 16:20:29 | 675,891,874 | ---- | M] () -- C:\Windows\MEMORY.DMP [2015-06-20 05:02:45 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2015-06-20 05:02:45 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2015-07-16 10:46:13 | 000,245,373 | ---- | C] () -- C:\Users\Karolina\Desktop\new_P1170098 (2).jpg [2015-07-16 10:42:21 | 001,122,679 | ---- | C] () -- C:\Users\Karolina\Desktop\JPEGCompress(13173)-dp.jse [2015-07-16 10:36:50 | 000,001,908 | ---- | C] () -- C:\Users\Karolina\Desktop\IrfanView Thumbnails.lnk [2015-07-16 10:36:50 | 000,001,016 | ---- | C] () -- C:\Users\Karolina\Desktop\IrfanView.lnk [2015-07-16 10:35:48 | 000,801,830 | ---- | C] () -- C:\Users\Karolina\Desktop\P1170098 (2).JPG [2015-07-16 10:30:45 | 002,336,953 | ---- | C] () -- C:\Users\Karolina\Desktop\P1170098.JPG [2015-07-03 13:20:14 | 001,086,307 | ---- | C] () -- C:\Users\Karolina\Desktop\The Sims 3 Demo.jse [2015-06-22 16:43:08 | 000,001,194 | ---- | C] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001UA.job [2015-06-22 16:43:08 | 000,001,142 | ---- | C] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001Core.job [2015-06-12 20:01:29 | 071,774,208 | RHS- | C] () -- C:\Users\Karolina\AppData\Roaming\obxrldkzkm.exe [2015-05-23 19:51:05 | 000,000,136 | ---- | C] () -- C:\Windows\ODBC.INI [2015-03-04 02:21:46 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2015-03-04 02:20:09 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2015-03-04 01:45:39 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2015-03-04 01:45:37 | 016,857,968 | ---- | C] () -- C:\Windows\SysWow64\igd11dxva32.dll [2015-03-03 18:03:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl 
[2014-11-14 15:51:52 | 000,448,512 | ---- | C] () -- C:\Windows\SysWow64\DPPPlugin.dll [2014-11-14 15:51:52 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\DPPPluginMetaData.dat [2014-03-18 12:01:33 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini [2013-08-22 17:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2013-08-22 17:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2013-08-22 16:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2013-08-22 09:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2013-08-22 01:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2013-08-22 01:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2015-05-20 07:19:15 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015-02-12 19:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015-02-12 19:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015-03-04 02:20:20 | 001,013,760 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2015-03-04 02:21:17 | 000,786,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015-03-04 02:20:20 | 000,512,512 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2015-07-16 10:59:10 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\Dropbox [2015-05-21 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\DropboxOEM [2015-05-22 19:40:35 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\GraphPad Software [2015-07-16 10:36:50 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\IrfanView [2015-07-16 10:55:35 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\JPEGCompress [2015-05-21 20:03:50 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\Opera Software [2015-05-22 21:29:51 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\PCDr [2015-05-21 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\Karolina\AppData\Roaming\Shortcut ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\Karolina\OneDrive:ms-properties < End of report > [/log]
[log]OTL Extras logfile created on: 2015-07-16 11:14:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karolina\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17842) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,91 Gb Total Physical Memory | 5,42 Gb
Available Physical Memory | 68,55% Memory free 15,91 Gb Paging File | 13,19 Gb Available in Paging File | 82,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 921,46 Gb Total Space | 849,16 Gb Free Space | 92,15% Space Free | Partition Type: NTFS Drive X: | 750,00 Mb Total Space | 317,34 Mb Free Space | 42,31% Space Free | Partition Type: NTFS Drive Y: | 8,66 Gb Total Space | 0,72 Gb Free Space | 8,30% Space Free | Partition Type: NTFS Computer Name: KOMPUTRON | User Name: Karolina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1210184927-2387741948-3987209327-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2EE92A-1C27-42CC-9691-38D092189148}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{148D5A90-951D-4EA4-B609-F41561DBFF35}" = lport=445 | protocol=6 | dir=in | app=system |
"{228ACD9E-7364-43CB-83D3-9E46CF753071}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23B31E6F-3EE0-4C44-8B11-A1C41ADC368A}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{26A4C5C1-7A7D-48A8-A172-0A55A55E97B0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{2DEC24E3-6A3D-43D1-B5EF-E17008ED3530}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{37C3DC88-EC48-4BF9-8382-137D045474B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
"{3F644C68-07CB-4C36-AA86-D4246B5D62DF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{46A9E934-0E25-4AF7-8E9B-6EB01AD6E6CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63B69689-E44D-462E-9AA3-F270C49A0325}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{85873B07-3935-414F-8315-CA35D677BA1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{87E7263F-4D28-4739-942D-54DE9DB62D75}" = rport=138 | protocol=17 | dir=out | app=system |
"{94884718-FC81-421A-9C83-625EC525D7DB}" = rport=139 | protocol=6 | dir=out | app=system |
"{AF369718-082D-4ED5-B619-C4369527580D}" = rport=137 | protocol=17 | dir=out | app=system |
"{B13FD6D8-08BF-4F24-9C21-19A590211B23}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF400E71-7347-4FC3-9565-3C0EE087447B}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3145916-3B2D-4B12-BF74-C3678F45FFEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBE12EB4-A063-45CC-9B82-9BFFC8CD58CF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{ED480A56-A196-4154-814B-C5BA570AEA22}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5BAFF19-2097-48B5-B721-6B63EA4AD235}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{210AB4D7-9C00-4EED-8F59-73B2D3848453}" = protocol=6 | dir=in | app=c:\users\karolina\appdata\roaming\dropbox\bin\dropbox.exe |
"{32C13334-3357-401A-A895-6DAFFDA5332E}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{40267478-7F20-4224-920E-8F62EB6BB221}" = dir=out | name=@{microsoft.bingsports_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{50185799-655F-4C0B-A8CB-1EAD195CDA28}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{5715A09E-EECF-4A81-81CF-5544EDC1A46A}" = protocol=17 | dir=in | app=c:\users\karolina\appdata\roaming\dropbox\bin\dropbox.exe |
"{632C531C-915B-4F30-A4C3-C3439658772C}" = dir=out | name=@{microsoft.bingfinance_3.0.4.323_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{66BB01C3-CC88-4A3D-9E5D-FA3D2451AC21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6D085CB6-635E-4C3D-A01C-75B1ABDB9491}" = dir=out | name=@{microsoft.bingweather_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{705D4BD2-0767-4DB2-970C-FBF829EAD726}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{74094D66-98C0-4E23-A317-CA034A510BAE}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{7C0F8B5F-84E7-45B7-8031-73DBE83AA9D4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{87B77271-0B0A-42FB-8ED5-479465395A84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8AB3EA5E-209E-4AC9-807C-FDE9516196DB}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{8F9680BB-34F0-4B92-99F8-F4903363A2FD}" = dir=out | name=skype |
"{93DBFC16-6013-4DFA-AE96-8DD34AF58AF9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9BC14CC5-63EA-41E3-85C7-A52A12D72B3B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{A5E8A4B1-D3CD-4A5F-BDD4-8B9D3A3E1146}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D9AC4AE9-37D9-461F-91C5-CF0ECD6DBC91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E10FA1F0-9E61-471A-9C5F-05E5123C2FFD}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F8EB49E3-8BEC-4F63-B318-85D128F316DF}" = dir=in | name=skype |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B444AF9-1DBE-4884-8F35-969BEFCF69A8}" = Intel® Trusted Connect Service Client
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2E55EEFD-2162-4A7D-9158-EDB0305603A6}" = Dell Data Vault
"{33D499E3-73E8-44D5-8D1F-FEA39535E9F2}" = True Color
"{4034E489-D0E9-41C4-A0DA-865D3881FE3F}" = Intel(R) Management Engine Components
"{4A7EE59E-C97F-4EC6-A607-7E2CDEC24092}" = Intel(R) ME UninstallLegacy
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = QuickSet64
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2013
"{90B2EE35-59D0-4A1F-B125-9F678D46A955}" = Dell Foundation Services
"{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}" = Dell Data Services
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{98841A35-1CBE-4EA3-BFF5-F3E3AD894666}" = Intel(R) Chipset Device Software
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 344.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 344.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.4.3.31
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 2.4.3.31
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 2.4.3.31
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.4.3.31
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{BACDF5CE-C53E-43FD-ADB8-CFBEC19FF50E}" = Intel(R) Management Engine Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}" = WinZip 19.5
"{D3415F15-8C15-328C-933C-9075E60843CA}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK" = Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PC-Doctor for Windows" = Dell SupportAssist
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{17FFE63C-6734-4950-B488-134B5A2505F7}" = Dell Product Registration
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{287348C8-8B47-4C36-AF28-441A3B7D8722}" = Dell SupportAssistAgent
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{55c734b2-fcff-447e-81cc-a6f04ebf09fc}" = True Color
"{597A58EC-42D6-4940-8739-FB94491B013C}" = Dropbox 20 GB
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{606443B0-9831-11DC-5F90-015CFB7A6952}" = GraphPad Prism 6
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6BDE5454-AC5C-4E03-AB26-5C38BFFF1F00}" = CED Spike2 for Windows version 7
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90150000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2013
"{90150000-0016-0415-0000-0000000FF1CE}" = Microsoft Excel MUI (Polish) 2013
"{90150000-0018-0415-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Polish) 2013
"{90150000-0019-0415-0000-0000000FF1CE}" = Microsoft Publisher MUI (Polish) 2013
"{90150000-001A-0415-0000-0000000FF1CE}" = Microsoft Outlook MUI (Polish) 2013
"{90150000-001B-0415-0000-0000000FF1CE}" = Microsoft Word MUI (Polish) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-0415-0000-0000000FF1CE}" = Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski
"{90150000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2013
"{90150000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2013
"{90150000-00A1-0415-0000-0000000FF1CE}" = Microsoft OneNote MUI (Polish) 2013
"{90150000-00BA-0415-0000-0000000FF1CE}" = Microsoft Groove MUI (Polish) 2013
"{90150000-00E1-0415-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Polish) 2013
"{90150000-00E2-0415-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Polish) 2013
"{90437913-9D4D-4D9D-B438-B8664DF851E9}" = Dell Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}" = Dell Digital Delivery
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{d370215a-d003-43ae-a3b6-1028af64d5a1}" = Oprogramowanie mikroukładu Intel®
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}" = Dell Customer Connect
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.1.6.1022
"Office15.STANDARD" = Microsoft Office Standard 2013

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1210184927-2387741948-3987209327-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2015-07-07 10:13:04 | Computer Name = Komputron | Source = NvStreamSvc | ID = 133073
Description =
Error - 2015-07-07 11:01:52 | Computer Name = Komputron | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2015-07-08 13:18:40 | Computer Name = Komputron | Source = NvStreamSvc | ID = 133073
Description =
Error - 2015-07-08 13:57:06 | Computer Name = Komputron | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2015-07-08 17:42:29 | Computer Name = Komputron | Source = NvStreamSvc | ID = 133073
Description =
Error - 2015-07-09 05:34:39 | Computer Name = Komputron | Source = NvStreamSvc | ID = 133073
Description =
Error - 2015-07-09 05:44:05 | Computer Name = Komputron | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2015-07-09 08:05:34 | Computer Name = Komputron | Source = NvStreamSvc | ID = 133073
Description =
Error - 2015-07-09 11:08:46 | Computer Name = Komputron | Source = NvStreamSvc | ID = 133073
Description =
Error - 2015-07-09 13:33:11 | Computer Name = Komputron | Source = NvStreamSvc | ID = 133073
Description =

[ System Events ]
Error - 2015-06-23 15:53:04 | Computer Name = Komputron | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TrueColorALS.
Error - 2015-06-24 01:15:27 | Computer Name = Komputron | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TrueColorALS.
Error - 2015-06-24 01:15:57 | Computer Name = Komputron | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TrueColorALS.
Error - 2015-06-24 01:16:27 | Computer Name = Komputron | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TrueColorALS.
Error - 2015-06-24 01:16:57 | Computer Name = Komputron | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TrueColorALS.
Error - 2015-06-24 01:19:07 | Computer Name = Komputron | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.199.3412.0).
Error - 2015-06-24 01:49:49 | Computer Name = Komputron | Source = Service Control Manager | ID = 7034
Description = Usługa Usługa inspekcji sieci Windows Defender niespodziewanie zakończyła pracę. Wystąpiło to razy: 3.
Error - 2015-06-24 01:50:16 | Computer Name = Komputron | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TrueColorALS.
Error - 2015-06-24 01:50:46 | Computer Name = Komputron | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TrueColorALS.
Error - 2015-06-24 19:51:15 | Computer Name = Komputron | Source = Service Control Manager | ID = 7046
Description = Następująca usługa ponownie przestała odpowiadać na żądania sterowania usługą: TrueColorALS Skontaktuj się z dostawcą usługi lub administratorem systemu, aby dowiedzieć się, czy należy wyłączyć tę usługę do momentu zidentyfikowania problemu. Przed wyłączeniem usługi może być konieczne ponowne uruchomienie komputera w trybie awaryjnym.

< End of report >
[/log]

FRST
[log]
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Karolina at 2015-07-16 11:39:19
Running from C:\Users\Karolina\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1210184927-2387741948-3987209327-500 - Administrator - Disabled)
Gość (S-1-5-21-1210184927-2387741948-3987209327-501 - Limited - Disabled)
Karolina (S-1-5-21-1210184927-2387741948-3987209327-1001 - Administrator - Enabled) => C:\Users\Karolina

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Aktualizacje NVIDIA 2.4.3.31 (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.4.0.0 - Auslogics Labs Pty Ltd)
CED Spike2 for Windows version 7 (HKLM-x32\...\{6BDE5454-AC5C-4E03-AB26-5C38BFFF1F00}) (Version: 7 - CED)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{90B2EE35-59D0-4A1F-B125-9F678D46A955}) (Version: 2.1.125.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.16.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GraphPad Prism 6 (HKLM-x32\...\{606443B0-9831-11DC-5F90-015CFB7A6952}) (Version: 6.05 - GraphPad Software)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3939 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 344.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.24 - NVIDIA Corporation)
Oprogramowanie mikroukładu Intel® (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Panel sterowania NVIDIA 344.24 (Version: 344.24 - NVIDIA Corporation) Hidden
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
True Color (HKLM-x32\...\{55c734b2-fcff-447e-81cc-a6f04ebf09fc}) (Version: 6.0.0.6 - Entertainment Experience)
True Color (Version: 6.0.0.6 - Entertainment Experience LLC) Hidden
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version: - Microsoft)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled 18-06-2015 09:36:48 Instalator modułów systemu Windows 22-06-2015 21:14:58 Windows Update 25-06-2015 15:19:38 Instalator modułów systemu Windows ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {15BCEBBB-FFBA-45C6-A5A1-266BDFE7E336} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001UA => C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {180A9E20-E7F0-4721-B244-6E9B9EC84C3A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001Core => C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {3E258166-4C4C-43D1-95EC-3CFC6E305F61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.)
Task: {4170C408-12A0-4287-9755-98513773FA28} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {41ECE858-240A-44E4-B37D-B771A33F4125} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {4FD95A8E-414A-4946-88CC-5DBA49343033} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {5466E7FC-43DB-4131-97FD-FAFDD89D97B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-18] (Microsoft Corporation)
Task: {5B0199C9-D078-4951-9961-BF017A09B8CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.)
Task: {6D601F98-F151-4ACE-889A-350CE0C30B2C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-05-22] (Synaptics Incorporated)
Task: {7485CB9E-4254-4524-8E28-D959ECC23356} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-05] (Realtek Semiconductor)
Task: {771E78A8-9869-4BBB-8C51-9B3951550762} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {7EBD3076-1F9F-4230-B6B1-80F2554CA871} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {87EA3703-CECF-4688-9D04-B7E6D8DC9AB5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {90537515-A581-4D55-844D-17F2D67029F9} - \Web Protector Plus No Task File <==== ATTENTION
Task: {A91669AA-549A-4D6F-AC2F-A9B6187F3978} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {B928B177-B69E-4AF6-BAA5-70ED8895D978} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {B9FBF4C6-E12F-417D-A11A-4C17A2A7E901} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D62DCA84-88E3-4FAC-93C5-0AE35002EC3A} - \Web Protector Plus Server No Task File <==== ATTENTION
Task: {DDC5CF85-44B4-49BE-984E-5D855D237941} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {FDAB1F58-979C-4C0B-9623-696BC83C37D1} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001Core.job => C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001UA.job => C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-11-14 15:51 - 2014-11-14 15:51 - 00466432 _____ () C:\Windows\system32\DPPPlugin.dll 2015-03-03 18:15 - 2014-09-27 05:19 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-25 00:27 - 2014-12-25 00:27 - 00094160 _____ () C:\Program Files\TrueColor\TrueColorALS.exe 2015-03-04 01:45 - 2014-09-08 22:40 - 00456296 _____ () C:\Windows\system32\igfxTray.exe 2014-06-18 04:11 - 2014-06-18 04:11 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-06-18 04:08 - 2014-06-18 04:08 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2014-06-18 04:14 - 2014-06-18 04:14 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2015-07-16 11:02 - 2015-05-14 11:54 - 00422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2015-05-20 07:23 - 2015-05-08 02:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-07-16 10:58 - 2015-07-16 10:58 - 00043008 _____ () c:\users\karolina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuylj5s.dll 
2015-06-22 21:11 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Karolina\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-06-22 21:11 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Karolina\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-06-22 21:11 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Karolina\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-06-22 21:11 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Karolina\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-06-22 21:12 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Karolina\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-06-22 21:11 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Karolina\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-22 21:11 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Karolina\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-03-03 17:58 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-07-15 11:35 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll 2015-07-15 11:35 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll 2015-02-26 18:07 - 2015-02-09 17:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2015-03-03 18:19 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2015-02-26 18:07 - 2014-02-18 20:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ==================== Alternate Data Streams 
(Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Karolina\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 62.179.1.63 - 62.179.1.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{7C0F8B5F-84E7-45B7-8031-73DBE83AA9D4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{9BC14CC5-63EA-41E3-85C7-A52A12D72B3B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{63B69689-E44D-462E-9AA3-F270C49A0325}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{26A4C5C1-7A7D-48A8-A172-0A55A55E97B0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{2DEC24E3-6A3D-43D1-B5EF-E17008ED3530}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{DBE12EB4-A063-45CC-9B82-9BFFC8CD58CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{23B31E6F-3EE0-4C44-8B11-A1C41ADC368A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F5BAFF19-2097-48B5-B721-6B63EA4AD235}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{210AB4D7-9C00-4EED-8F59-73B2D3848453}] => (Allow) C:\Users\Karolina\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{5715A09E-EECF-4A81-81CF-5544EDC1A46A}] => (Allow) C:\Users\Karolina\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{3F644C68-07CB-4C36-AA86-D4246B5D62DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/16/2015 11:02:05 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1”. 
Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (07/16/2015 11:02:05 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. 
Error: (07/16/2015 11:02:04 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (07/16/2015 11:02:01 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. 
Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (07/16/2015 11:02:00 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (07/16/2015 11:00:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT) Description: There was an error with the Windows Location Provider database Error: (07/16/2015 10:46:39 AM) (Source: TrueColorALS) (EventID: 4) (User: ) Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2) Error: (07/16/2015 10:40:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/16/2015 10:12:22 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (07/15/2015 10:52:18 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. 
[6]

System errors:
=============
Error: (07/16/2015 11:25:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Usługa Windows Defender niespodziewanie zakończyła pracę. Wystąpiło to razy: 4.

Error: (07/16/2015 11:02:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: %%1275

Error: (07/16/2015 11:02:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Karolina\AppData\Local\Temp\ehdrv.sys

Error: (07/16/2015 11:02:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: %%1275

Error: (07/16/2015 11:02:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Karolina\AppData\Local\Temp\ehdrv.sys

Error: (07/16/2015 11:02:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: %%1275

Error: (07/16/2015 11:02:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Karolina\AppData\Local\Temp\ehdrv.sys

Error: (07/16/2015 11:01:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Usługa Windows Defender niespodziewanie zakończyła pracę. Wystąpiło to razy: 3.

Error: (07/16/2015 10:59:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa IHProtect Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (07/16/2015 10:57:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa Windows Defender niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 100 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom skonfigurowany program odzyskiwania.
Microsoft Office: ========================= Error: (07/16/2015 11:02:05 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe Error: (07/16/2015 11:02:05 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe Error: (07/16/2015 11:02:04 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe Error: (07/16/2015 11:02:01 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe Error: (07/16/2015 11:02:00 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe Error: (07/16/2015 11:00:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT) Description: -2147024883 Error: (07/16/2015 10:46:39 AM) (Source: TrueColorALS) (EventID: 4) (User: ) Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2) Error: (07/16/2015 10:40:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/16/2015 10:12:22 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (07/15/2015 10:52:18 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] CodeIntegrity Errors: =================================== Date: 2015-06-09 21:57:23.179 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-06-09 21:57:23.038 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-20 05:41:48.642 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 31%
Total physical RAM: 8103.49 MB
Available physical RAM: 5515.72 MB
Total Virtual: 16295.49 MB
Available Virtual: 13467.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.46 GB) (Free:848.53 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BD6AE2C1)
Partition: GPT Partition Type.

==================== End of log ============================
[/log]

[log]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Karolina (administrator) on KOMPUTRON on 16-07-2015 11:37:58
Running from C:\Users\Karolina\Desktop
Loaded Profiles: Karolina (Available Profiles: Karolina)
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Dell Inc.) 
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe () C:\Program Files\TrueColor\TrueColorALS.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Users\Karolina\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe (Dropbox, Inc.) C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (Dropbox, Inc.) 
C:\Users\Karolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe (Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-05] (Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [TrueColor UI] => [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-06-18] (Atheros Communications) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\...\Run: [Dropbox Update] => C:\Users\Karolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.) 
HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2015-03-04] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-25]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-25]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c.lnk [2015-06-12]
ShortcutTarget: c.lnk -> C:\Users\Karolina\AppData\Roaming\obxrldkzkm.exe ()
Startup: C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\Karolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karolina\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1437036167&z=b62270540810a961bba98f9g6z8c2mee4c7qcg1z6w&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://www.istartsurf.com/web/?type=dspp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT HKU\S-1-5-21-1210184927-2387741948-3987209327-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} SearchScopes: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} SearchScopes: 
HKU\S-1-5-21-1210184927-2387741948-3987209327-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1437036203&z=34768f3f9f951fdcc1c0319g7z5cam2e0ccqegcb9g&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&q={searchTerms} SearchScopes: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001 -> {94DF3D03-1046-4EE7-A6C6-D3B3F6CEEA8A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1210184927-2387741948-3987209327-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD100_15GOTEBPTXX15GOTEBPT&ts=1437036212&type=default&q={searchTerms} BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation) BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. 
Limited) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62 Tcpip\..\Interfaces\{1391BBC8-CBEF-4DA8-916F-846D8B27A797}: [DhcpNameServer] 192.168.1.211 192.168.1.212 212.87.14.39 Tcpip\..\Interfaces\{B1CE4EEB-F145-4324-9DBE-E09AEFE4682B}: [DhcpNameServer] 62.179.1.63 62.179.1.62 FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) 
Chrome: ======= CHR Profile: C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-23] CHR Extension: (Chris Delbuck) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\elgfababjopgjalkgbfndlempbfdiecf [2015-06-21] CHR Extension: (Google Wallet) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-06-18] (Windows (R) Win 7 DDK provider) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-04] (Microsoft Corporation) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.) R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell) S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.) 
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [325224 2014-09-08] (Intel Corporation) S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.) R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2014-12-25] () R2 VSSS; C:\Users\Karolina\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101331584 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3901952 2014-06-06] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-06-18] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation) S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows (R) Win 7 DDK provider) R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation) S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation) R3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-05-22] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X] S1 wafd_vw_1_10_0_20; system32\drivers\wafd_vw_1_10_0_20.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is 
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-16 11:37 - 2015-07-16 11:38 - 00023162 _____ C:\Users\Karolina\Desktop\FRST.txt 2015-07-16 11:37 - 2015-07-16 11:38 - 00000000 ____D C:\FRST 2015-07-16 11:35 - 2015-07-16 11:35 - 00049582 _____ C:\Users\Karolina\Desktop\Extras.Txt 2015-07-16 11:34 - 2015-07-16 11:34 - 00132114 _____ C:\Users\Karolina\Desktop\OTL.Txt 2015-07-16 11:18 - 2015-07-16 11:18 - 02133504 _____ (Farbar) C:\Users\Karolina\Desktop\FRST64.exe 2015-07-16 11:12 - 2015-07-16 11:12 - 00602112 _____ (OldTimer Tools) C:\Users\Karolina\Desktop\OTL.exe 2015-07-16 11:02 - 2015-07-16 11:02 - 00000000 ____D C:\Program Files (x86)\ESET 2015-07-16 11:01 - 2015-07-16 11:02 - 02870984 _____ (ESET) C:\Users\Karolina\Desktop\esetsmartinstaller_plk.exe 2015-07-16 10:58 - 2015-07-16 10:58 - 00000000 ___RD C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-07-16 10:45 - 2015-07-16 10:55 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\JPEGCompress 2015-07-16 10:44 - 2015-07-16 10:44 - 00000000 ____D C:\ProgramData\IHProtectUpDate 2015-07-16 10:43 - 2015-07-16 10:44 - 00000000 ____D C:\Program Files (x86)\MiuiTab 2015-07-16 10:42 - 2015-07-16 10:42 - 02320293 _____ (Dreamscape Software ) C:\Users\Karolina\Downloads\jpegcompress-2.9.6-(dobreprogramy.pl).exe 2015-07-16 10:42 - 2015-07-16 10:42 - 01122679 _____ C:\Users\Karolina\Desktop\JPEGCompress(13173)-dp.jse 2015-07-16 10:36 - 2015-07-16 10:36 - 00001908 _____ C:\Users\Karolina\Desktop\IrfanView Thumbnails.lnk 2015-07-16 10:36 - 2015-07-16 10:36 - 00001016 _____ C:\Users\Karolina\Desktop\IrfanView.lnk 2015-07-16 10:36 - 2015-07-16 10:36 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-07-16 10:36 - 2015-07-16 
10:36 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\IrfanView 2015-07-16 10:36 - 2015-07-16 10:36 - 00000000 ____D C:\Program Files (x86)\IrfanView 2015-07-12 09:49 - 2015-07-12 09:49 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-07-12 09:46 - 2015-07-12 09:46 - 01415680 _____ (wj32) C:\Program Files\VU1XN3W9.exe 2015-07-09 12:58 - 2015-07-09 12:58 - 01415680 _____ (wj32) C:\Program Files\Y0CKPR5C.exe 2015-07-09 11:35 - 2015-07-09 11:35 - 00000000 ____D C:\Program Files (x86)\Dell Update 2015-07-08 12:32 - 2015-07-08 12:32 - 01415680 _____ (wj32) C:\Program Files\D0D6GFEF.exe 2015-07-05 18:08 - 2015-07-05 18:08 - 01415680 _____ (wj32) C:\Program Files\KXTP876D.exe 2015-07-04 23:17 - 2015-07-04 23:17 - 01415680 _____ (wj32) C:\Program Files\EDWYXGLA.exe 2015-07-03 13:20 - 2015-07-03 13:20 - 01086307 _____ C:\Users\Karolina\Desktop\The Sims 3 Demo.jse 2015-06-26 08:55 - 2015-06-26 08:55 - 00004036 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2015-06-26 08:55 - 2015-06-26 08:55 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2015-06-26 08:55 - 2015-06-26 08:55 - 00003226 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2015-06-26 08:55 - 2015-06-26 08:55 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2015-06-26 08:55 - 2015-06-26 08:55 - 00000000 ____D C:\Program Files\Dell Support Center 2015-06-23 19:50 - 2015-06-23 19:54 - 01415680 _____ (wj32) C:\Program Files\10ZYX94C.exe 2015-06-22 16:43 - 2015-07-16 10:48 - 00001194 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001UA.job 2015-06-22 16:43 - 2015-07-11 16:48 - 00001142 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001Core.job 2015-06-22 16:43 - 2015-06-22 16:43 - 00004146 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001UA 2015-06-22 16:43 - 2015-06-22 16:43 - 00003766 _____ 
C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1210184927-2387741948-3987209327-1001Core 2015-06-22 16:43 - 2015-06-22 16:43 - 00000000 ____D C:\Users\Karolina\AppData\Local\Dropbox 2015-06-22 16:43 - 2015-06-22 16:43 - 00000000 ____D C:\ProgramData\Dropbox 2015-06-22 16:20 - 2015-06-22 16:21 - 00913864 _____ C:\Windows\Minidump\062215-47171-01.dmp 2015-06-21 20:26 - 2015-06-21 20:26 - 00000000 ____D C:\Users\Karolina\Desktop\FFT_TTX 2015-06-20 10:11 - 2015-07-04 08:54 - 00000000 ____D C:\Users\Karolina\AppData\Local\CrashDumps 2015-06-16 09:45 - 2015-07-04 09:27 - 00016498 _____ C:\Users\Karolina\Documents\Aps-podsumowanie.xlsx 2015-06-16 09:40 - 2015-06-22 16:20 - 675891874 _____ C:\Windows\MEMORY.DMP 2015-06-16 09:40 - 2015-06-16 09:40 - 00924048 _____ C:\Windows\Minidump\061615-34375-01.dmp 2015-06-16 09:40 - 2015-06-16 09:40 - 00000000 ____D C:\Windows\Minidump ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-16 11:39 - 2015-05-20 07:22 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-16 11:37 - 2015-03-03 18:04 - 01322838 _____ C:\Windows\WindowsUpdate.log 2015-07-16 11:16 - 2015-05-20 05:43 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1210184927-2387741948-3987209327-1001 2015-07-16 11:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-07-16 11:07 - 2015-03-03 18:18 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2015-07-16 11:04 - 2014-03-18 11:52 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-16 11:04 - 2014-03-18 11:25 - 00807160 _____ C:\Windows\system32\perfh015.dat 2015-07-16 11:04 - 2014-03-18 11:25 - 00163478 _____ C:\Windows\system32\perfc015.dat 2015-07-16 11:00 - 2015-03-03 18:16 - 00006469 _____ C:\Windows\SysWOW64\Gms.log 2015-07-16 11:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-07-16 10:59 - 2015-05-21 10:43 - 00000000 ___RD C:\Users\Karolina\Dropbox 2015-07-16 10:59 - 2015-05-21 10:39 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\Dropbox 2015-07-16 10:59 - 2015-05-20 14:48 - 00000000 ___DO C:\Users\Karolina\OneDrive 2015-07-16 10:58 - 2015-05-20 07:22 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-16 10:57 - 2013-08-22 16:46 - 00023050 _____ C:\Windows\setupact.log 2015-07-16 10:56 - 2014-03-18 03:39 - 00052172 _____ C:\Windows\PFRO.log 2015-07-16 10:56 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-16 10:56 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-07-16 10:47 - 2013-08-22 16:44 - 00492408 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-16 10:46 - 2015-05-20 05:37 - 00000000 ____D C:\Users\Karolina 2015-07-16 10:45 - 2015-05-20 05:38 - 00000000 ____D C:\Users\Karolina\AppData\Local\VirtualStore 2015-07-16 10:34 - 2015-05-20 07:22 - 00004048 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-16 10:33 - 2015-05-20 
07:22 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-16 10:24 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-07-15 19:37 - 2015-05-20 07:20 - 00003856 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9F6B887-E1FC-4EF6-94FA-1D89189E63D7} 2015-07-09 11:35 - 2015-03-03 18:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2015-07-05 12:08 - 2015-05-21 10:16 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-06-26 08:54 - 2015-03-03 18:18 - 00000000 ____D C:\ProgramData\PCDr 2015-06-25 15:24 - 2015-05-20 05:37 - 00000000 ____D C:\Users\Karolina\AppData\Local\Packages 2015-06-23 20:03 - 2015-05-20 07:23 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2015-06-23 19:57 - 2015-06-07 20:29 - 00003816 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate 2015-06-23 19:56 - 2015-06-07 20:29 - 00000000 ____D C:\ProgramData\SupportAssistAgent 2015-06-22 21:14 - 2015-03-03 18:03 - 00000000 ____D C:\Program Files\Dell 2015-06-22 16:21 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2015-06-20 05:02 - 2015-06-14 19:36 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-20 05:02 - 2015-06-14 19:36 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-18 09:52 - 2015-06-07 16:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-06-18 09:51 - 2015-06-07 15:55 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-18 09:48 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini 2015-06-18 09:46 - 2015-05-21 09:43 - 00000000 ____D C:\Windows\system32\MRT 2015-06-18 09:41 - 2015-05-21 09:43 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-16 11:07 - 2015-06-12 20:11 - 00096256 _____ C:\Users\Karolina\Documents\Kopia PERSONAL_Praca_SK1.xls 2015-06-16 11:04 - 2015-05-21 20:06 - 00136408 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys ==================== Files in the root of some directories ======= 2015-06-23 19:50 - 2015-06-23 19:54 - 1415680 _____ (wj32) C:\Program Files\10ZYX94C.exe 2015-07-08 12:32 - 2015-07-08 12:32 - 1415680 _____ (wj32) C:\Program Files\D0D6GFEF.exe 2015-07-04 23:17 - 2015-07-04 23:17 - 1415680 _____ (wj32) C:\Program Files\EDWYXGLA.exe 2015-07-05 18:08 - 2015-07-05 18:08 - 1415680 _____ (wj32) C:\Program Files\KXTP876D.exe 2015-07-12 09:46 - 2015-07-12 09:46 - 1415680 _____ (wj32) C:\Program Files\VU1XN3W9.exe 2015-07-09 12:58 - 2015-07-09 12:58 - 1415680 _____ (wj32) C:\Program Files\Y0CKPR5C.exe 2015-06-12 20:01 - 2015-06-12 20:01 - 71774208 __RSH () C:\Users\Karolina\AppData\Roaming\obxrldkzkm.exe 2015-03-03 18:03 - 2015-03-03 18:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-03-03 18:02 - 2015-03-03 18:03 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2015-03-03 17:58 - 2015-03-03 17:59 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2015-03-03 17:59 - 2015-03-03 18:00 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2015-03-03 18:00 - 2015-03-03 18:02 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2015-03-03 17:57 - 2015-03-03 17:58 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP: ==================== C:\Users\Karolina\AppData\Local\Temp\cdo1104012694.dll C:\Users\Karolina\AppData\Local\Temp\cdo1402476997.dll C:\Users\Karolina\AppData\Local\Temp\cdo1438440839.dll C:\Users\Karolina\AppData\Local\Temp\cdo1439697553.dll C:\Users\Karolina\AppData\Local\Temp\cdo2473863481.dll C:\Users\Karolina\AppData\Local\Temp\cdo2591000455.dll C:\Users\Karolina\AppData\Local\Temp\cdo3172257131.dll C:\Users\Karolina\AppData\Local\Temp\cdo3284747102.dll C:\Users\Karolina\AppData\Local\Temp\cdo40629731.dll 
C:\Users\Karolina\AppData\Local\Temp\cdo944547204.dll C:\Users\Karolina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuylj5s.dll C:\Users\Karolina\AppData\Local\Temp\JSE_install_app-1437036149592.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-07 18:32 ==================== End of log ============================[/log]
czeski commented 18 July 2015 (Author)

After scanning with an online antivirus the programs started, but I would still ask for the logs to be checked. Best regards in advance.