Pojawiające się reklamy

**Posty:** 287 · przez **kingpc** 15 Sie 2013, 07:22

Na laptopie podejrzewam wirusy ponieważ wyświetlają się różne reklamy.

Kod: Zaznacz wszystko: OTL logfile created on: 2013-08-15 06:59:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,90 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,04% Memory free 7,80 Gb Paging File | 6,70 Gb Available in Paging File | 85,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 38,96 Gb Total Space | 10,66 Gb Free Space | 27,37% Space Free | Partition Type: NTFS Drive D: | 659,57 Gb Total Space | 659,46 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: VAIO | User Name: Julia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-08-14 22:29:19 | 001,361,576 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files (x86)\Omiga Plus\omigaplus.exe PRC - [2013-08-14 22:29:19 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe PRC - [2013-08-14 21:42:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Downloads\OTL.exe PRC - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe PRC - [2012-04-06 01:14:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012-02-21 20:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012-02-21 20:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012-02-07 18:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-02-07 18:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-02-07 18:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-02-07 18:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2011-11-29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-11-29 21:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011-06-06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010-11-21 05:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe PRC - [2010-02-09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-08-14 22:29:19 | 000,195,240 | ---- | M] () -- C:\Program Files (x86)\Omiga Plus\edeskcmn.dll MOD - [2013-08-14 22:29:19 | 000,181,928 | ---- | M] () -- C:\Program Files (x86)\Omiga Plus\libpng.dll MOD - [2013-08-14 22:29:19 | 000,060,072 | ---- | M] () -- C:\Program Files (x86)\Omiga Plus\libnotify.dll MOD - [2013-08-14 19:03:26 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d4493b0e5a5c6faf89cfeaa5f2a21034\IAStorUtil.ni.dll MOD - [2013-08-14 12:00:37 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll MOD - [2013-08-14 12:00:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll MOD - [2013-08-14 12:00:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll MOD - [2013-08-14 12:00:01 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll MOD - [2013-08-14 11:59:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll MOD - [2013-08-14 11:59:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll MOD - [2013-08-14 11:59:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll MOD - [2013-08-14 11:59:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll MOD - [2013-07-11 08:30:48 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll MOD - [2013-07-10 22:48:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2012-08-16 05:05:51 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2011-04-12 15:21:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009-02-27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2012-02-02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013-08-14 22:29:19 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe -- (omigaplussvc) SRV - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-04-06 01:23:42 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012-02-21 20:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012-02-21 20:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012-02-21 20:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012-02-07 18:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-02-07 18:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-02-07 18:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012-02-07 18:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2011-11-29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011-06-06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-08-16 05:11:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012-08-16 05:11:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012-08-16 05:07:26 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-04-06 01:23:54 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:[b]64bit:[/b] - [2012-04-06 01:14:28 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012-04-06 01:14:24 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012-04-06 01:14:22 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012-02-22 00:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2012-01-16 03:01:16 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:[b]64bit:[/b] - [2011-11-30 12:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:[b]64bit:[/b] - [2011-11-29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011-11-10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013-03-28 18:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Extensions [2013-04-05 22:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000..\Run: [Omiga Plus] C:\Program Files (x86)\Omiga Plus\omigaplus.exe (Taiwan Shui Mu Chih Ching Technology Limited.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A0D7B9C-15CE-432D-9296-D12F3A4BD06C}: DhcpNameServer = 192.168.1.1 O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-08-15 06:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013-08-15 06:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013-08-14 22:35:42 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Omiga Plus [2013-08-14 22:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe [2013-08-14 22:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Omiga Plus [2013-08-14 10:14:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-08-14 10:14:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-08-14 10:14:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-08-14 10:14:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-08-14 10:14:18 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-08-14 10:14:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-08-14 10:14:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-08-14 10:14:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-08-14 10:14:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-08-14 10:14:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-08-14 10:14:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-08-14 10:14:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-08-14 10:14:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-08-14 10:14:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-08-14 10:14:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-08-14 09:26:19 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-08-14 09:26:18 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013-08-14 09:26:18 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-08-14 09:25:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013-08-14 09:25:41 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013-08-14 09:25:36 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013-08-14 09:25:33 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-08-14 09:25:32 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-08-14 09:25:32 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-08-14 09:25:32 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-08-14 09:25:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013-08-14 09:25:32 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-08-14 09:25:31 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013-08-14 09:25:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013-08-14 09:25:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013-08-14 09:25:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-08-14 09:25:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013-08-14 09:25:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013-08-14 09:25:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013-08-14 09:25:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-08-14 09:25:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013-08-14 09:25:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-08-14 09:25:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013-08-14 09:25:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013-08-14 09:25:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-08-14 09:25:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013-08-14 09:25:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-08-02 15:19:38 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2013-08-02 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\systweak [2013-07-21 21:06:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013-07-18 19:36:51 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\muzyka [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-08-15 06:55:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-08-15 06:50:09 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-08-15 06:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-08-14 22:44:05 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-08-14 22:44:05 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-08-14 22:37:42 | 000,001,436 | ---- | M] () -- C:\Users\Julia\Desktop\muzyka.lnk [2013-08-14 22:35:35 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-08-14 22:35:22 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2013-08-14 22:34:44 | 000,000,137 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013-08-14 22:29:55 | 000,001,368 | ---- | M] () -- C:\Users\Julia\Desktop\Wyczyść rejestr za darmo!.lnk [2013-08-14 22:22:50 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2013-07-27 10:46:03 | 000,543,306 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0424.JPG [2013-07-26 22:15:12 | 000,000,055 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\WB.CFG [2013-07-26 07:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-07-26 07:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-07-26 07:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-07-26 07:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-07-26 07:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-07-26 07:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-07-26 07:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-07-26 07:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-07-26 05:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-07-26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-07-26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-07-26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-07-26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-07-26 04:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-07-26 03:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-07-25 11:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013-07-25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013-07-20 07:59:33 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-07-20 07:59:33 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-07-20 07:59:33 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-07-20 07:59:33 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-07-20 07:59:33 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-07-18 09:53:17 | 000,064,419 | ---- | M] () -- C:\Users\Julia\Desktop\pko_trans_details_130718_095322.pdf [2013-07-17 13:57:27 | 000,064,294 | ---- | M] () -- C:\Users\Julia\Desktop\muzyka.pdf [2013-07-16 10:48:29 | 000,633,242 | ---- | M] () -- C:\Users\Julia\Desktop\oliwia.jpg [2013-07-16 10:48:29 | 000,633,242 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0385.JPG [2013-07-16 10:39:03 | 000,629,071 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0378.JPG [2013-07-16 10:38:59 | 000,623,183 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0380.JPG [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-08-15 06:55:12 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-08-14 22:34:31 | 000,000,137 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013-08-14 22:22:50 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2013-08-11 22:15:03 | 000,001,368 | ---- | C] () -- C:\Users\Julia\Desktop\Wyczyść rejestr za darmo!.lnk [2013-07-27 10:46:03 | 000,543,306 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0424.JPG [2013-07-26 22:15:12 | 000,000,055 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\WB.CFG [2013-07-18 09:53:45 | 000,064,419 | ---- | C] () -- C:\Users\Julia\Desktop\pko_trans_details_130718_095322.pdf [2013-07-17 13:58:11 | 000,064,294 | ---- | C] () -- C:\Users\Julia\Desktop\muzyka.pdf [2013-07-16 10:48:33 | 000,633,242 | ---- | C] () -- C:\Users\Julia\Desktop\oliwia.jpg [2013-07-16 10:47:26 | 000,633,242 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0385.JPG [2013-07-16 10:38:49 | 000,623,183 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0380.JPG [2013-07-16 10:38:45 | 000,629,071 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0378.JPG [2013-06-15 22:15:18 | 000,000,005 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\WBPU-TTL.DAT [2013-01-07 18:02:52 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012-02-02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-03-23 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\.minecraft [2013-08-14 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Omiga Plus [2013-04-05 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\PDF Reader Packages [2013-04-05 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\SumatraPDF [2013-08-14 22:30:06 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\systweak [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2013-08-15 06:59:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,90 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,04% Memory free 7,80 Gb Paging File | 6,70 Gb Available in Paging File | 85,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 38,96 Gb Total Space | 10,66 Gb Free Space | 27,37% Space Free | Partition Type: NTFS Drive D: | 659,57 Gb Total Space | 659,46 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: VAIO | User Name: Julia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4224795036-2675726776-1960710971-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\Julia\AppData\Roaming\File Scout\filescout.exe" /open "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\Julia\AppData\Roaming\File Scout\filescout.exe" /open "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{061760BB-412B-4E9B-AEB6-0887E3ECFC1B}" = rport=137 | protocol=17 | dir=out | app=system | "{1271DCB6-0856-4495-9556-A8F32029A43D}" = lport=2869 | protocol=6 | dir=in | app=system | "{169A51F9-79EE-4F9F-83FA-785A99FE1E6D}" = lport=137 | protocol=17 | dir=in | app=system | "{21850C89-CC9E-4DDF-9AEC-3CDF0B261681}" = rport=139 | protocol=6 | dir=out | app=system | "{2C0915EE-5FA1-4AD1-BED6-76595A5438A3}" = lport=139 | protocol=6 | dir=in | app=system | "{3222258B-094D-4BE9-93C2-B5D926D73BF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39E094DD-B795-410B-9853-79F7CB42E838}" = lport=138 | protocol=17 | dir=in | app=system | "{4429077A-BA38-43BC-982F-C7BF5BD1D981}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C5DC7F6-EE39-4C4F-82BB-E90DE66D0FE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E153DB2-64FC-4E06-8BA7-85A21923FD35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F5B526C-EE05-4C33-A331-EEABDE7248F9}" = lport=445 | protocol=6 | dir=in | app=system | "{5C2E2435-CE53-4164-85DB-05837F710113}" = lport=10243 | protocol=6 | dir=in | app=system | "{60D1C195-CC26-4F68-BC6B-7FDB13312F4C}" = rport=138 | protocol=17 | dir=out | app=system | "{8E7A0C64-5E05-458B-AEA2-A96A48FD3657}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8FCA9233-D11E-4A73-9359-E557BDC3879D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A342594F-32BC-4C7E-94A1-ACA74FD70A57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A43E9CCC-27CA-4E7E-B10D-2E5B56ECA7DB}" = rport=445 | protocol=6 | dir=out | app=system | "{A8DEFF1D-8B10-45FF-8B44-E9BF9B1473D0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C6F23BB7-C6B2-41C8-BE68-3161AE70E4E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D2962C47-408F-48F5-90CA-8CE40F5CC9F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F26B3727-8174-4C8A-A256-33DAFE71EE30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F864DAF2-2AA2-410E-8EA9-F186C2AC1916}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FAB1482C-AFFE-4DB2-AEFE-22F40676EE61}" = rport=10243 | protocol=6 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F5C577A-447A-4B3B-8986-A37E42B70300}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{214A1B83-BCBB-4F9E-ACB0-422E54A30669}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{2372AAE9-8F83-4D3F-8524-3242B9727AFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{27C1E0D2-D68A-44FB-AD0C-BA03C653289E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{288516FF-92A4-40F9-A816-E7CC43D6F6ED}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | "{2FD7B33A-DF1C-4B0F-AE03-1B927B563CA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{33BE2BE9-009A-4ADD-BA46-5CADD6C5EA5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5A6B7F7C-B7C0-4914-B7DD-297AFACC46E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60688FCA-3253-4D9A-9F53-A4999224082D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{67590175-2335-492C-8D98-C2CD23833F6A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{683EB53E-A554-47DE-B87D-7BB0B98DA32F}" = protocol=6 | dir=out | app=system | "{6EFC87F7-8923-47D0-87F1-62435E0A978F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7550794E-E22B-419F-8B64-6497DBCC532A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{878990AC-B3E9-4AD8-8FFF-021B4256669A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B0653C88-8587-486F-9A15-E17828CD171F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B95E5E19-3462-47C4-B12D-11E414D82BDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BBE63C69-649F-4432-83E6-4AB224E8CFA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC9E8190-9131-481B-9754-D649A7AC13BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DC32F8B1-E8DE-4A25-A9AB-D78AF3B34A89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EDCE6F86-FE35-4A84-A4D9-5132354EA82C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F3A9EE73-383B-4488-A43F-22C9F70513AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F873F551-D4FB-4C99-8C10-F7D79BF2CC96}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64 "{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "CCleaner" = CCleaner "D3980EE1930054D2BAB3D957A731D6C24AF9F739" = Pakiet sterowników systemu Windows - Sony Corporation (SFEP) HIDClass (11/15/2011 8.0.2.3) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Polish "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{E727B31A-8B24-4C1C-934A-69634E0D2C0B}" = Qualcomm Atheros WiFi Driver Installation "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W "Google Chrome" = Google Chrome "Omiga Plus" = Omiga Plus "WinRAR archiver" = WinRAR 4.20 (32-bitowy) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-4224795036-2675726776-1960710971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PDF Reader" = PDF Reader "PDF Reader Packages" = PDF Reader Packages [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-07-27 08:11:05 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-27 09:54:02 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-27 12:53:18 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-27 17:03:18 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-28 02:21:06 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-28 06:24:49 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-28 08:38:37 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-28 09:06:38 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-28 11:16:48 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = Error - 2013-07-28 12:44:17 | Computer Name = VAIO | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2013-08-13 07:45:56 | Computer Name = VAIO | Source = DCOM | ID = 10005 Description = Error - 2013-08-13 07:45:56 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Bluetooth Media Service. Error - 2013-08-13 07:45:56 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Bluetooth Media Service z powodu następującego błędu: %%1053 Error - 2013-08-13 07:46:06 | Computer Name = VAIO | Source = Service Control Manager | ID = 7034 Description = Usługa Desk 365 service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2013-08-14 16:33:27 | Computer Name = VAIO | Source = Service Control Manager | ID = 7022 Description = Usługa Wsys Service zawiesiła się podczas uruchamiania. Error - 2013-08-14 16:34:57 | Computer Name = VAIO | Source = DCOM | ID = 10010 Description = Error - 2013-08-14 16:36:52 | Computer Name = VAIO | Source = Service Control Manager | ID = 7022 Description = Usługa Wsys Service zawiesiła się podczas uruchamiania. Error - 2013-08-14 16:52:03 | Computer Name = VAIO | Source = DCOM | ID = 10005 Description = Error - 2013-08-14 16:52:03 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Bluetooth Media Service. Error - 2013-08-14 16:52:03 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Bluetooth Media Service z powodu następującego błędu: %%1053 < End of report >

Kod: Zaznacz wszystko: GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-15 07:21:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: xiy9291w.exe; Driver: C:\Users\Julia\AppData\Local\Temp\pxldypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74] .text ... * 2 .text C:\Users\Julia\Downloads\OTL.exe[1980] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74] .text C:\Users\Julia\Downloads\OTL.exe[1980] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [5060] entry point in ".rdata" section 000000006d4d71e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fff9b1 7 bytes {MOV EDX, 0x883a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fffbf5 7 bytes {MOV EDX, 0x883a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fffc25 7 bytes {MOV EDX, 0x8839a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fffc3d 7 bytes {MOV EDX, 0x883928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fffc55 7 bytes {MOV EDX, 0x883b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fffc85 7 bytes {MOV EDX, 0x883b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fffd05 7 bytes {MOV EDX, 0x883ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fffd1d 7 bytes {MOV EDX, 0x883aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fffd69 7 bytes {MOV EDX, 0x883868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fffe61 7 bytes {MOV EDX, 0x8838a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770000b9 7 bytes {MOV EDX, 0x883828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770010c5 7 bytes {MOV EDX, 0x8839e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007700113d 7 bytes {MOV EDX, 0x883968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077001341 7 bytes {MOV EDX, 0x8838e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fff9b1 7 bytes {MOV EDX, 0x855a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fffbf5 7 bytes {MOV EDX, 0x855a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fffc25 7 bytes {MOV EDX, 0x8559a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fffc3d 7 bytes {MOV EDX, 0x855928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fffc55 7 bytes {MOV EDX, 0x855b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fffc85 7 bytes {MOV EDX, 0x855b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fffd05 7 bytes {MOV EDX, 0x855ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fffd1d 7 bytes {MOV EDX, 0x855aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fffd69 7 bytes {MOV EDX, 0x855868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fffe61 7 bytes {MOV EDX, 0x8558a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770000b9 7 bytes {MOV EDX, 0x855828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770010c5 7 bytes {MOV EDX, 0x8559e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007700113d 7 bytes {MOV EDX, 0x855968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077001341 7 bytes {MOV EDX, 0x8558e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fff9b1 7 bytes {MOV EDX, 0xbebe28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fffbf5 7 bytes {MOV EDX, 0xbebe68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fffc25 7 bytes {MOV EDX, 0xbebda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fffc3d 7 bytes {MOV EDX, 0xbebd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fffc55 7 bytes {MOV EDX, 0xbebf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fffc85 7 bytes {MOV EDX, 0xbebf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fffd05 7 bytes {MOV EDX, 0xbebee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fffd1d 7 bytes {MOV EDX, 0xbebea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fffd69 7 bytes {MOV EDX, 0xbebc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fffe61 7 bytes {MOV EDX, 0xbebca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770000b9 7 bytes {MOV EDX, 0xbebc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770010c5 7 bytes {MOV EDX, 0xbebde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007700113d 7 bytes {MOV EDX, 0xbebd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077001341 7 bytes {MOV EDX, 0xbebce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fff9b1 7 bytes {MOV EDX, 0x1083628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fffbf5 7 bytes {MOV EDX, 0x1083668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fffc25 7 bytes {MOV EDX, 0x10835a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fffc3d 7 bytes {MOV EDX, 0x1083528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fffc55 7 bytes {MOV EDX, 0x1083728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fffc85 7 bytes {MOV EDX, 0x1083768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fffd05 7 bytes {MOV EDX, 0x10836e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fffd1d 7 bytes {MOV EDX, 0x10836a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fffd69 7 bytes {MOV EDX, 0x1083468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fffe61 7 bytes {MOV EDX, 0x10834a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770000b9 7 bytes {MOV EDX, 0x1083428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770010c5 7 bytes {MOV EDX, 0x10835e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007700113d 7 bytes {MOV EDX, 0x1083568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077001341 7 bytes {MOV EDX, 0x10834e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2536:3320] 000007fef40a9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9b766e0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9b766e0 (not active ControlSet) ---- EOF - GMER 2.1 ----

**Posty:** 4765 · przez **ordynat** 15 Sie 2013, 07:56

To efekt zainstalowania programu "Omiga Plus".

1) Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim Usuń
Pokaż raport z niego C:\AdwCleaner[S1].txt

2) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2013-08-14 22:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013-08-14 22:35:42 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Omiga Plus
[2013-08-14 22:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Omiga Plus
O4 - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000..\Run: [Omiga Plus] C:\Program Files (x86)\Omiga Plus\omigaplus.exe (Taiwan Shui Mu Chih Ching Technology Limited.)
SRV - [2013-08-14 22:29:19 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe -- (omigaplussvc)
MOD - [2013-08-14 22:29:19 | 000,195,240 | ---- | M] () -- C:\Program Files (x86)\Omiga Plus\edeskcmn.dll
MOD - [2013-08-14 22:29:19 | 000,181,928 | ---- | M] () -- C:\Program Files (x86)\Omiga Plus\libpng.dll
MOD - [2013-08-14 22:29:19 | 000,060,072 | ---- | M] () -- C:\Program Files (x86)\Omiga Plus\libnotify.dll

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-4224795036-2675726776-1960710971-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

Zainstaluj nowszą, bezpieczniejszą wersję Javy:
>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (wybierz: Windows x86 Offline)
Być może trzeba też zainstalować nowszą wersję Javy 64 bit >http://java.com/pl/download/faq/java_win64bit.xml
.

**Posty:** 287 · przez **kingpc** 15 Sie 2013, 08:02

Kod: Zaznacz wszystko: # AdwCleaner v2.306 - Log utworzony 15/08/2013 o 07:59:28 # Aktualizacja 19/07/2013 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : Julia - VAIO # Tryb uruchomienia : Normalny # Ścieżka : C:\Users\Julia\Downloads\adwcleaner (1).exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Folder Usunięto : C:\ProgramData\eSafe Folder Usunięto : C:\Users\Julia\AppData\Roaming\Omiga Plus Usunięto po restarcie : C:\Program Files (x86)\Omiga Plus ***** [Rejestr] ***** ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Rejestr w porządku. -\\ Google Chrome v28.0.1500.95 Plik : C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Plik w porządku. ************************* AdwCleaner[S1].txt - [4986 octets] - [14/08/2013 22:34:23] AdwCleaner[S2].txt - [900 octets] - [15/08/2013 07:59:28] ########## EOF - C:\AdwCleaner[S2].txt - [959 octets] ##########

**Posty:** 4765 · przez **ordynat** 15 Sie 2013, 08:16

jeszcze wykonaj pozostałe zalecenia z mojego poprzedniego postu

**Posty:** 287 · przez **kingpc** 15 Sie 2013, 08:21

Po usunięciu:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Folder C:\ProgramData\eSafe\ not found. C:\Users\Julia\AppData\Roaming\Omiga Plus\wp folder moved successfully. C:\Users\Julia\AppData\Roaming\Omiga Plus\sysicons folder moved successfully. C:\Users\Julia\AppData\Roaming\Omiga Plus\icons folder moved successfully. C:\Users\Julia\AppData\Roaming\Omiga Plus folder moved successfully. C:\Program Files (x86)\Omiga Plus\uninstaller folder moved successfully. C:\Program Files (x86)\Omiga Plus\style folder moved successfully. C:\Program Files (x86)\Omiga Plus\layout\default folder moved successfully. C:\Program Files (x86)\Omiga Plus\layout folder moved successfully. C:\Program Files (x86)\Omiga Plus\language\zh_tw folder moved successfully. C:\Program Files (x86)\Omiga Plus\language\zh_cn folder moved successfully. C:\Program Files (x86)\Omiga Plus\language\tr_tr folder moved successfully. C:\Program Files (x86)\Omiga Plus\language\pt_br folder moved successfully. C:\Program Files (x86)\Omiga Plus\language\es_es folder moved successfully. C:\Program Files (x86)\Omiga Plus\language\en_us folder moved successfully. C:\Program Files (x86)\Omiga Plus\language folder moved successfully. C:\Program Files (x86)\Omiga Plus\image\toolsIcon folder moved successfully. C:\Program Files (x86)\Omiga Plus\image\default\cmn folder moved successfully. C:\Program Files (x86)\Omiga Plus\image\default folder moved successfully. C:\Program Files (x86)\Omiga Plus\image folder moved successfully. C:\Program Files (x86)\Omiga Plus folder moved successfully. Registry value HKEY_USERS\S-1-5-21-4224795036-2675726776-1960710971-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Omiga Plus deleted successfully. File C:\Program Files (x86)\Omiga Plus\omigaplus.exe not found. Service omigaplussvc stopped successfully! Service omigaplussvc deleted successfully! File C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe not found. ========== REGISTRY ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope deleted successfully. Registry value HKEY_USERS\S-1-5-21-4224795036-2675726776-1960710971-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Julia ->Temp folder emptied: 2423567169 bytes ->Temporary Internet Files folder emptied: 360619084 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 296827792 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 281354245 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321779 bytes RecycleBin emptied: 20100204 bytes Total Files Cleaned = 3 266,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 08152013_080829 Files\Folders moved on Reboot... C:\Users\Julia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Julia\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...

Nowy:

Kod: Zaznacz wszystko: OTL logfile created on: 2013-08-15 08:14:59 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,90 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 73,63% Memory free 7,80 Gb Paging File | 6,72 Gb Available in Paging File | 86,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 38,96 Gb Total Space | 13,76 Gb Free Space | 35,32% Space Free | Partition Type: NTFS Drive D: | 659,57 Gb Total Space | 659,46 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: VAIO | User Name: Julia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-08-14 21:42:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Downloads\OTL.exe PRC - [2013-07-25 02:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe PRC - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-04-06 01:14:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012-02-21 20:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012-02-21 20:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012-02-07 18:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-02-07 18:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-02-07 18:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-02-07 18:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2011-11-29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-11-29 21:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010-11-21 05:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe PRC - [2010-02-09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-08-14 19:03:26 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d4493b0e5a5c6faf89cfeaa5f2a21034\IAStorUtil.ni.dll MOD - [2013-08-14 12:00:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll MOD - [2013-08-14 12:00:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll MOD - [2013-08-14 12:00:01 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll MOD - [2013-08-14 11:59:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll MOD - [2013-08-14 11:59:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll MOD - [2013-08-14 11:59:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll MOD - [2013-08-14 11:59:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll MOD - [2013-07-25 02:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll MOD - [2013-07-25 02:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll MOD - [2013-07-25 02:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll MOD - [2013-07-11 08:30:48 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll MOD - [2013-07-10 22:48:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2012-08-16 05:05:51 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2011-04-12 15:21:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009-02-27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2012-02-02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-04-06 01:23:42 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012-02-21 20:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012-02-21 20:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012-02-21 20:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012-02-07 18:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-02-07 18:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-02-07 18:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012-02-07 18:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2011-11-29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-08-16 05:11:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012-08-16 05:11:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012-08-16 05:07:26 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-04-06 01:23:54 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:[b]64bit:[/b] - [2012-04-06 01:14:28 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012-04-06 01:14:24 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012-04-06 01:14:22 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012-02-22 00:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2012-01-16 03:01:16 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:[b]64bit:[/b] - [2011-11-30 12:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:[b]64bit:[/b] - [2011-11-29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011-11-10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-4224795036-2675726776-1960710971-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013-03-28 18:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Extensions [2013-04-05 22:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A0D7B9C-15CE-432D-9296-D12F3A4BD06C}: DhcpNameServer = 192.168.1.1 O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-08-15 08:08:29 | 000,000,000 | ---D | C] -- C:\_OTL [2013-08-15 07:25:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-08-15 06:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013-08-15 06:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013-08-14 10:14:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-08-14 10:14:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-08-14 10:14:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-08-14 10:14:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-08-14 10:14:18 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-08-14 10:14:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-08-14 10:14:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-08-14 10:14:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-08-14 10:14:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-08-14 10:14:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-08-14 10:14:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-08-14 10:14:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-08-14 10:14:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-08-14 10:14:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-08-14 10:14:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-08-14 09:26:19 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-08-14 09:26:18 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013-08-14 09:26:18 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-08-14 09:25:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013-08-14 09:25:41 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013-08-14 09:25:36 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013-08-14 09:25:33 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-08-14 09:25:32 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-08-14 09:25:32 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-08-14 09:25:32 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-08-14 09:25:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013-08-14 09:25:32 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-08-14 09:25:31 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013-08-14 09:25:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013-08-14 09:25:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013-08-14 09:25:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-08-14 09:25:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013-08-14 09:25:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013-08-14 09:25:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013-08-14 09:25:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013-08-14 09:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013-08-14 09:25:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-08-14 09:25:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013-08-14 09:25:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-08-14 09:25:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013-08-14 09:25:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013-08-14 09:25:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-08-14 09:25:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013-08-14 09:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013-08-14 09:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013-08-14 09:25:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-08-02 15:19:38 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2013-08-02 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\systweak [2013-07-21 21:06:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013-07-18 19:36:51 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\muzyka [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-08-15 08:11:49 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-08-15 08:11:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-08-15 08:11:35 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2013-08-15 08:07:22 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-08-15 08:07:22 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-08-15 07:59:37 | 000,000,238 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013-08-15 07:50:05 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-08-15 06:55:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-08-14 22:37:42 | 000,001,436 | ---- | M] () -- C:\Users\Julia\Desktop\muzyka.lnk [2013-08-14 22:29:55 | 000,001,368 | ---- | M] () -- C:\Users\Julia\Desktop\Wyczyść rejestr za darmo!.lnk [2013-08-14 22:22:50 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2013-07-27 10:46:03 | 000,543,306 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0424.JPG [2013-07-26 22:15:12 | 000,000,055 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\WB.CFG [2013-07-26 07:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-07-26 07:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-07-26 07:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-07-26 07:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-07-26 07:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-07-26 07:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-07-26 07:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-07-26 07:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-07-26 05:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-07-26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-07-26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-07-26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-07-26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-07-26 04:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-07-26 03:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-07-25 11:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013-07-25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013-07-20 07:59:33 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-07-20 07:59:33 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-07-20 07:59:33 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-07-20 07:59:33 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-07-20 07:59:33 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-07-18 09:53:17 | 000,064,419 | ---- | M] () -- C:\Users\Julia\Desktop\pko_trans_details_130718_095322.pdf [2013-07-17 13:57:27 | 000,064,294 | ---- | M] () -- C:\Users\Julia\Desktop\muzyka.pdf [2013-07-16 10:48:29 | 000,633,242 | ---- | M] () -- C:\Users\Julia\Desktop\oliwia.jpg [2013-07-16 10:48:29 | 000,633,242 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0385.JPG [2013-07-16 10:39:03 | 000,629,071 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0378.JPG [2013-07-16 10:38:59 | 000,623,183 | ---- | M] () -- C:\Users\Julia\Desktop\DSC_0380.JPG [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-08-15 06:55:12 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-08-14 22:34:31 | 000,000,238 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013-08-14 22:22:50 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2013-08-11 22:15:03 | 000,001,368 | ---- | C] () -- C:\Users\Julia\Desktop\Wyczyść rejestr za darmo!.lnk [2013-07-27 10:46:03 | 000,543,306 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0424.JPG [2013-07-26 22:15:12 | 000,000,055 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\WB.CFG [2013-07-18 09:53:45 | 000,064,419 | ---- | C] () -- C:\Users\Julia\Desktop\pko_trans_details_130718_095322.pdf [2013-07-17 13:58:11 | 000,064,294 | ---- | C] () -- C:\Users\Julia\Desktop\muzyka.pdf [2013-07-16 10:48:33 | 000,633,242 | ---- | C] () -- C:\Users\Julia\Desktop\oliwia.jpg [2013-07-16 10:47:26 | 000,633,242 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0385.JPG [2013-07-16 10:38:49 | 000,623,183 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0380.JPG [2013-07-16 10:38:45 | 000,629,071 | ---- | C] () -- C:\Users\Julia\Desktop\DSC_0378.JPG [2013-06-15 22:15:18 | 000,000,005 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\WBPU-TTL.DAT [2013-01-07 18:02:52 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012-02-02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-03-23 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\.minecraft [2013-04-05 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\PDF Reader Packages [2013-04-05 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\SumatraPDF [2013-08-14 22:30:06 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\systweak [color=#E56717]========== Purity Check ==========[/color] < End of report >

**Posty:** 4765 · przez **ordynat** 15 Sie 2013, 08:24

Powinno już być OK.

W Adw-Cleaner kliknij na przycisk Odinstaluj
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.