ADVERTISEMENT

OTL.Txt

Dell Studio 1558 - Analiza logów, częste zacinanie się systemu

Witam, bardzo proszę o sprawdzenie logów, komputer zaczął coraz częściej się zacinać (blokuje się i nic nie można zrobić).


Download file - link to post

OTL logfile created on: 2013-10-25 21:44:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Iwona\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,93 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 49,95% Memory free
7,87 Gb Paging File | 5,64 Gb Available in Paging File | 71,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 22,88 Gb Free Space | 11,72% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 62,66 Gb Free Space | 23,17% Space Free | Partition Type: NTFS
Drive G: | 14,83 Gb Total Space | 5,45 Gb Free Space | 36,72% Space Free | Partition Type: FAT32

Computer Name: IWONA-KOMPUTER | User Name: Iwona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-10-25 21:43:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Downloads\OTL.exe
PRC - [2013-10-24 22:35:32 | 008,281,416 | ---- | M] (Pokki) -- C:\Users\Iwona\AppData\Local\Pokki\Engine\pokki.exe
PRC - [2013-10-14 09:30:29 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Iwona\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-10-13 01:42:34 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013-10-10 18:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\Iwona\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-10-09 02:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-10-10 18:09:30 | 003,558,400 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-10-09 02:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013-10-09 02:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013-10-09 02:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013-10-09 02:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013-10-09 02:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013-10-09 02:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013-09-07 04:11:18 | 000,130,048 | ---- | M] () -- C:\Users\Iwona\AppData\Local\Pokki\Engine\libegl.dll
MOD - [2013-09-07 04:11:12 | 001,400,846 | ---- | M] () -- C:\Users\Iwona\AppData\Local\Pokki\Engine\avcodec-54.dll
MOD - [2013-09-07 04:11:12 | 000,716,288 | ---- | M] () -- C:\Users\Iwona\AppData\Local\Pokki\Engine\libglesv2.dll
MOD - [2013-09-07 04:11:12 | 000,569,856 | ---- | M] () -- C:\Users\Iwona\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
MOD - [2013-09-07 04:11:12 | 000,222,734 | ---- | M] () -- C:\Users\Iwona\AppData\Local\Pokki\Engine\avformat-54.dll
MOD - [2013-09-07 04:11:12 | 000,151,054 | ---- | M] () -- C:\Users\Iwona\AppData\Local\Pokki\Engine\avutil-51.dll
MOD - [2013-03-13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Dropbox\bin\libcef.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013-08-12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2013-08-12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2013-06-18 17:52:37 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012-09-28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:[b]64bit:[/b] - [2010-03-10 02:38:18 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:[b]64bit:[/b] - [2009-12-14 14:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009-11-02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:[b]64bit:[/b] - [2009-03-03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
SRV - [2013-09-05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-14 14:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe -- (STacSV)
SRV - [2009-11-26 12:53:44 | 000,447,488 | R--- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009-09-30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-09-30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-23 17:02:42 | 000,060,928 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013-06-18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2013-01-12 22:38:25 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2012-09-28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012-09-28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-05-14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-06-10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-03-25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2010-03-24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:[b]64bit:[/b] - [2010-03-20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:[b]64bit:[/b] - [2009-12-14 14:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2009-11-02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:[b]64bit:[/b] - [2009-10-12 20:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2009-09-17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009-07-23 14:05:54 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:[b]64bit:[/b] - [2009-07-23 13:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009-07-04 20:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:[b]64bit:[/b] - [2009-07-02 09:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:[b]64bit:[/b] - [2009-07-01 19:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2007-05-14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp & ts=1382626295 & from=cor & uid=TOSHIBAXMK5061GSY_41UET5UUTXX41UET5UUT
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp & ts=1382626295 & from=cor & uid=TOSHIBAXMK5061GSY_41UET5UUTXX41UET5UUT
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://www.bing.com/search?q={searchTerms} & FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp & ts=1382626295 & from=cor & uid=TOSHIBAXMK5061GSY_41UET5UUTXX41UET5UUT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp & ts=1382626295 & from=cor & uid=TOSHIBAXMK5061GSY_41UET5UUTXX41UET5UUT
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://www.bing.com/search?q={searchTerms} & FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp & ts=1382626295 & from=cor & uid=TOSHIBAXMK5061GSY_41UET5UUTXX41UET5UUT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp & ts=1382626295 & from=cor & uid=TOSHIBAXMK5061GSY_41UET5UUTXX41UET5UUT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {19FC8518-D460-413A-8E43-87167A68AEB2}
IE - HKCU\..\SearchScopes\{19FC8518-D460-413A-8E43-87167A68AEB2}: " URL " = http://www.google.com/search?q={searchTerms} & sourceid=ie7 & rls=com.microsoft:en-US & ie=utf8 & oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: " URL " = http://www.google.com/search?q={sear
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyOverride " = & lt; local & gt;


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Iwona\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Iwona\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Iwona\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Iwona\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Iwona\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper: C:\Users\Iwona\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX

[2013-01-12 22:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms} & {google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient} & q={searchTerms} & {google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Iwona\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Iwona\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Iwona\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Iwona\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Iwona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013-06-01 11:21:55 | 000,001,219 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 46.23.70.78 pagead2.googlesyndication.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pokki] C:\Windows\system32\rundll32.exe " %LOCALAPPDATA%\Pokki\Engine\Launcher.dll " ,RunLaunchPlatform File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Iwona\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Iwona\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Iwona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa & ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa & ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56D53DB7-40B3-44A6-B2A6-70E94144935B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A139BE9-D355-45C6-B908-A74F99229659}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91FEC141-3EFE-4201-80BB-76C34A6193A3}: DhcpNameServer = 80.69.103.78 80.69.102.158
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-06-18 17:31:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{9ee303ef-fda8-11e2-b07b-b8ac6f6803dd}\Shell - " " = AutoRun
O33 - MountPoints2\{9ee303ef-fda8-11e2-b07b-b8ac6f6803dd}\Shell\AutoRun\command - " " = H:\AutoRun.exe
O33 - MountPoints2\{9ee30412-fda8-11e2-b07b-b8ac6f6803dd}\Shell - " " = AutoRun
O33 - MountPoints2\{9ee30412-fda8-11e2-b07b-b8ac6f6803dd}\Shell\AutoRun\command - " " = I:\AutoRun.exe
O33 - MountPoints2\G\Shell - " " = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - " " = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- " %1 " %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- " %1 " %*
O35 - HKLM\..comfile [open] -- " %1 " %*
O35 - HKLM\..exefile [open] -- " %1 " %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- " %1 " %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- " %1 " %*
O37 - HKLM\...com [@ = comfile] -- " %1 " %*
O37 - HKLM\...exe [@ = exefile] -- " %1 " %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-10-25 08:11:44 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\Mozilla
[2013-10-25 08:11:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-10-24 13:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any PDF to DWG Converter
[2013-10-24 13:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Any PDF to DWG Converter
[2013-10-23 10:55:50 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\pendricve
[2013-10-18 10:17:56 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\DRUK
[2013-10-18 04:35:34 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Nowy folder (2)
[2013-10-16 18:34:04 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\beata
[2013-10-13 16:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013-10-13 16:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013-10-11 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\wies
[2013-10-11 01:55:28 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\GALERIA
[2013-10-10 23:47:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-10-10 23:47:17 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-10-10 23:47:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-10-10 23:47:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-10-10 23:47:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-10-10 23:47:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-10-10 23:47:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-10-10 23:47:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-10-10 23:47:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-10-10 23:47:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-10-10 23:47:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-10-10 23:47:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-10-10 23:47:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-10-10 23:47:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-10-10 23:47:10 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-10-09 07:55:48 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013-10-09 07:55:44 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013-10-09 07:55:44 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013-10-09 07:55:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013-10-09 07:55:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013-10-09 07:55:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013-10-09 07:55:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013-10-09 07:55:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013-10-09 07:55:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013-10-09 07:51:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013-10-09 07:51:30 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013-10-09 07:51:29 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013-10-09 07:51:13 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-10-09 07:51:13 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-10-09 07:51:13 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-10-09 07:51:13 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013-10-09 07:51:13 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013-10-09 07:51:12 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-10-09 07:51:12 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013-10-09 07:51:12 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-10-09 07:51:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-10-09 07:51:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-10-09 07:51:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-10-09 07:51:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-10-09 07:51:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-10-09 07:50:38 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013-10-09 07:50:38 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013-10-09 07:50:37 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013-10-09 07:50:35 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013-10-09 07:50:35 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013-10-01 00:33:41 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\.oit
[2013-09-30 01:01:56 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
[2013-09-30 01:01:21 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\Pokki
[2013-09-30 01:01:17 | 000,796,496 | ---- | C] (Pokki) -- C:\Users\Iwona\Desktop\Pokki_InstagrilleSetup.exe
[1 C:\Windows\SysNative\*.tmp files - & gt; C:\Windows\SysNative\*.tmp - & gt; ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-10-25 21:47:58 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-10-25 21:45:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-10-25 21:45:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-10-25 21:38:20 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-10-25 21:37:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-10-25 21:37:10 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
[2013-10-25 21:10:09 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1387346268-2685605186-1970004760-1001UA.job
[2013-10-24 14:21:22 | 000,370,941 | ---- | M] () -- C:\Users\Iwona\Desktop\potwierdznei.jpg
[2013-10-24 14:20:41 | 000,337,840 | ---- | M] () -- C:\Users\Iwona\Desktop\Untitled-1.jpg
[2013-10-24 14:19:52 | 000,067,831 | ---- | M] () -- C:\Users\Iwona\Desktop\potw..pdf
[2013-10-24 13:38:54 | 011,249,178 | ---- | M] () -- C:\Users\Iwona\Desktop\105106_0 (2).pdf
[2013-10-24 13:37:26 | 010,977,201 | ---- | M] () -- C:\Users\Iwona\Desktop\107911_0.pdf
[2013-10-24 13:22:42 | 000,030,119 | ---- | M] () -- C:\Users\Iwona\Desktop\a_Image_2.dwg
[2013-10-24 13:22:41 | 000,068,517 | ---- | M] () -- C:\Users\Iwona\Desktop\a_2.dwg
[2013-10-24 13:22:06 | 000,212,005 | ---- | M] () -- C:\Users\Iwona\Desktop\b.pdf
[2013-10-24 13:13:27 | 000,145,372 | ---- | M] () -- C:\Users\Iwona\Desktop\c_Image.dwg
[2013-10-24 13:13:20 | 000,016,102 | ---- | M] () -- C:\Users\Iwona\Desktop\c.dwg
[2013-10-24 13:13:18 | 000,068,517 | ---- | M] () -- C:\Users\Iwona\Desktop\a.dwg
[2013-10-24 13:13:18 | 000,030,119 | ---- | M] () -- C:\Users\Iwona\Desktop\a_Image.dwg
[2013-10-24 13:12:42 | 001,197,858 | ---- | M] () -- C:\Users\Iwona\Desktop\c.pdf
[2013-10-24 13:11:56 | 000,124,205 | ---- | M] () -- C:\Users\Iwona\Desktop\a.pdf
[2013-10-24 13:10:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1387346268-2685605186-1970004760-1001Core.job
[2013-10-24 12:51:42 | 013,708,334 | ---- | M] () -- C:\Users\Iwona\Desktop\105782_0 (1).pdf
[2013-10-24 12:30:46 | 000,000,203 | -H-- | M] () -- C:\Users\Iwona\Documents\Rysunek1.dwl2
[2013-10-24 12:30:46 | 000,000,052 | -H-- | M] () -- C:\Users\Iwona\Documents\Rysunek1.dwl
[2013-10-23 17:19:33 | 010,365,762 | ---- | M] () -- C:\Users\Iwona\Desktop\MAPKA5.pdf
[2013-10-23 10:17:17 | 009,508,963 | ---- | M] () -- C:\Users\Iwona\Desktop\archetzp.pdf
[2013-10-22 23:06:12 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013-10-21 10:59:01 | 008,816,608 | ---- | M] () -- C:\Users\Iwona\Desktop\mapka2.pdf
[2013-10-19 23:58:31 | 000,576,466 | ---- | M] () -- C:\Users\Iwona\Desktop\FD.pdf
[2013-10-19 16:22:30 | 008,937,769 | ---- | M] () -- C:\Users\Iwona\Desktop\11111111111111.pdf
[2013-10-19 14:12:28 | 009,380,352 | ---- | M] () -- C:\Users\Iwona\Desktop\mapka.cdr
[2013-10-19 13:41:25 | 021,231,680 | ---- | M] () -- C:\Users\Iwona\Desktop\pdfff calosc.jpg
[2013-10-19 11:20:01 | 000,137,507 | ---- | M] () -- C:\Users\Iwona\Desktop\14.pdf
[2013-10-19 11:13:27 | 000,124,710 | ---- | M] () -- C:\Users\Iwona\Desktop\13.pdf
[2013-10-19 11:11:09 | 000,194,723 | ---- | M] () -- C:\Users\Iwona\Desktop\11.pdf
[2013-10-19 11:00:04 | 000,185,774 | ---- | M] () -- C:\Users\Iwona\Desktop\10.pdf
[2013-10-19 10:48:21 | 000,125,113 | ---- | M] () -- C:\Users\Iwona\Desktop\9.pdf
[2013-10-19 10:43:50 | 000,155,975 | ---- | M] () -- C:\Users\Iwona\Desktop\8.pdf
[2013-10-19 10:36:34 | 000,197,947 | ---- | M] () -- C:\Users\Iwona\Desktop\7.pdf
[2013-10-19 09:34:08 | 000,260,802 | ---- | M] () -- C:\Users\Iwona\Desktop\5.pdf
[2013-10-18 23:23:10 | 000,244,218 | ---- | M] () -- C:\Users\Iwona\Desktop\6.pdf
[2013-10-18 23:18:31 | 000,173,447 | ---- | M] () -- C:\Users\Iwona\Desktop\4.pdf
[2013-10-18 23:12:30 | 000,224,373 | ---- | M] () -- C:\Users\Iwona\Desktop\Drukuj.pdf
[2013-10-18 22:37:23 | 000,448,197 | ---- | M] () -- C:\Users\Iwona\Desktop\3.pdf
[2013-10-18 22:23:26 | 000,260,269 | ---- | M] () -- C:\Users\Iwona\Desktop\2.pdf
[2013-10-18 22:14:47 | 000,773,544 | ---- | M] () -- C:\Users\Iwona\Desktop\1.pdf
[2013-10-18 14:09:01 | 003,547,789 | ---- | M] () -- C:\Users\Iwona\Desktop\G82B1874.jpg
[2013-10-18 10:35:08 | 000,224,031 | ---- | M] () -- C:\Users\Iwona\Desktop\Jałocha Beata 7_Z_10_2013.pdf
[2013-10-17 20:24:28 | 000,206,572 | ---- | M] () -- C:\Users\Iwona\Desktop\Umowa o świadczenie usług hostelowych PCRF Golikówka.pdf
[2013-10-15 23:19:59 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-10-12 17:50:37 | 000,078,639 | ---- | M] () -- C:\Users\Iwona\Documents\PODKLAD.dwg
[2013-10-12 17:18:29 | 000,001,055 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013-10-11 01:46:14 | 005,046,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-09-30 01:01:18 | 000,796,496 | ---- | M] (Pokki) -- C:\Users\Iwona\Desktop\Pokki_InstagrilleSetup.exe
[1 C:\Windows\SysNative\*.tmp files - & gt; C:\Windows\SysNative\*.tmp - & gt; ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-10-25 10:21:55 | 000,002,246 | ---- | C] () -- C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pixsta.lnk
[2013-10-24 14:21:12 | 000,370,941 | ---- | C] () -- C:\Users\Iwona\Desktop\potwierdznei.jpg
[2013-10-24 14:20:26 | 000,337,840 | ---- | C] () -- C:\Users\Iwona\Desktop\Untitled-1.jpg
[2013-10-24 14:19:52 | 000,067,831 | ---- | C] () -- C:\Users\Iwona\Desktop\potw..pdf
[2013-10-24 13:38:49 | 011,249,178 | ---- | C] () -- C:\Users\Iwona\Desktop\105106_0 (2).pdf
[2013-10-24 13:37:22 | 010,977,201 | ---- | C] () -- C:\Users\Iwona\Desktop\107911_0.pdf
[2013-10-24 13:22:42 | 000,030,119 | ---- | C] () -- C:\Users\Iwona\Desktop\a_Image_2.dwg
[2013-10-24 13:22:41 | 000,068,517 | ---- | C] () -- C:\Users\Iwona\Desktop\a_2.dwg
[2013-10-24 13:22:05 | 000,212,005 | ---- | C] () -- C:\Users\Iwona\Desktop\b.pdf
[2013-10-24 13:13:27 | 000,145,372 | ---- | C] () -- C:\Users\Iwona\Desktop\c_Image.dwg
[2013-10-24 13:13:20 | 000,016,102 | ---- | C] () -- C:\Users\Iwona\Desktop\c.dwg
[2013-10-24 13:13:18 | 000,068,517 | ---- | C] () -- C:\Users\Iwona\Desktop\a.dwg
[2013-10-24 13:13:18 | 000,030,119 | ---- | C] () -- C:\Users\Iwona\Desktop\a_Image.dwg
[2013-10-24 13:12:41 | 001,197,858 | ---- | C] () -- C:\Users\Iwona\Desktop\c.pdf
[2013-10-24 13:11:55 | 000,124,205 | ---- | C] () -- C:\Users\Iwona\Desktop\a.pdf
[2013-10-24 12:51:30 | 013,708,334 | ---- | C] () -- C:\Users\Iwona\Desktop\105782_0 (1).pdf
[2013-10-24 12:30:46 | 000,000,203 | -H-- | C] () -- C:\Users\Iwona\Documents\Rysunek1.dwl2
[2013-10-24 12:30:46 | 000,000,052 | -H-- | C] () -- C:\Users\Iwona\Documents\Rysunek1.dwl
[2013-10-23 17:19:04 | 010,365,762 | ---- | C] () -- C:\Users\Iwona\Desktop\MAPKA5.pdf
[2013-10-23 10:03:12 | 009,508,963 | ---- | C] () -- C:\Users\Iwona\Desktop\archetzp.pdf
[2013-10-19 23:58:29 | 000,576,466 | ---- | C] () -- C:\Users\Iwona\Desktop\FD.pdf
[2013-10-19 16:04:01 | 008,937,769 | ---- | C] () -- C:\Users\Iwona\Desktop\11111111111111.pdf
[2013-10-19 15:36:32 | 008,816,608 | ---- | C] () -- C:\Users\Iwona\Desktop\mapka2.pdf
[2013-10-19 14:12:15 | 009,380,352 | ---- | C] () -- C:\Users\Iwona\Desktop\mapka.cdr
[2013-10-19 14:10:41 | 021,231,680 | ---- | C] () -- C:\Users\Iwona\Desktop\pdfff calosc.jpg
[2013-10-19 11:19:59 | 000,137,507 | ---- | C] () -- C:\Users\Iwona\Desktop\14.pdf
[2013-10-19 11:13:26 | 000,124,710 | ---- | C] () -- C:\Users\Iwona\Desktop\13.pdf
[2013-10-19 11:11:07 | 000,194,723 | ---- | C] () -- C:\Users\Iwona\Desktop\11.pdf
[2013-10-19 10:53:19 | 000,185,774 | ---- | C] () -- C:\Users\Iwona\Desktop\10.pdf
[2013-10-19 10:48:19 | 000,125,113 | ---- | C] () -- C:\Users\Iwona\Desktop\9.pdf
[2013-10-19 10:43:49 | 000,155,975 | ---- | C] () -- C:\Users\Iwona\Desktop\8.pdf
[2013-10-19 09:48:57 | 000,197,947 | ---- | C] () -- C:\Users\Iwona\Desktop\7.pdf
[2013-10-19 09:34:05 | 000,260,802 | ---- | C] () -- C:\Users\Iwona\Desktop\5.pdf
[2013-10-18 23:23:08 | 000,244,218 | ---- | C] () -- C:\Users\Iwona\Desktop\6.pdf
[2013-10-18 23:18:29 | 000,173,447 | ---- | C] () -- C:\Users\Iwona\Desktop\4.pdf
[2013-10-18 23:12:27 | 000,224,373 | ---- | C] () -- C:\Users\Iwona\Desktop\Drukuj.pdf
[2013-10-18 22:37:20 | 000,448,197 | ---- | C] () -- C:\Users\Iwona\Desktop\3.pdf
[2013-10-18 22:23:24 | 000,260,269 | ---- | C] () -- C:\Users\Iwona\Desktop\2.pdf
[2013-10-18 22:14:37 | 000,773,544 | ---- | C] () -- C:\Users\Iwona\Desktop\1.pdf
[2013-10-18 14:08:33 | 003,547,789 | ---- | C] () -- C:\Users\Iwona\Desktop\G82B1874.jpg
[2013-10-18 10:35:07 | 000,224,031 | ---- | C] () -- C:\Users\Iwona\Desktop\Jałocha Beata 7_Z_10_2013.pdf
[2013-10-17 20:24:16 | 000,206,572 | ---- | C] () -- C:\Users\Iwona\Desktop\Umowa o świadczenie usług hostelowych PCRF Golikówka.pdf
[2013-10-13 16:12:54 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013-10-12 17:50:37 | 000,078,639 | ---- | C] () -- C:\Users\Iwona\Documents\PODKLAD.dwg
[2013-09-30 01:02:07 | 000,002,102 | ---- | C] () -- C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[2013-05-25 14:56:49 | 000,007,680 | ---- | C] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-22 22:42:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013-03-08 11:51:59 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2013-02-02 17:17:51 | 000,007,598 | ---- | C] () -- C:\Users\Iwona\AppData\Local\Resmon.ResmonCfg
[2013-01-28 17:57:42 | 006,484,648 | ---- | C] () -- C:\Program Files\R301434.exe
[2013-01-28 13:00:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\bw0h2P1x3.dat
[2013-01-19 13:42:38 | 000,000,015 | ---- | C] () -- C:\Program Files\plugin.ini
[2013-01-13 20:54:41 | 1216,220,336 | ---- | C] () -- C:\Program Files\AutoCAD_2013_English_Win_64bit.exe
[2013-01-13 17:01:45 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-01-13 09:26:55 | 001,638,694 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-01-12 23:05:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-09-28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-09-28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-05-02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
" " = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
" " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
" " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 161 bytes - & gt; C:\Users\Iwona\Desktop\pdfff calosc.jpg:com.dropbox.attributes

& lt; End of report & gt;