OTL logfile created on: 12/11/2013 12:17:56 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = d:\users\gayerba\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2.86 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 58.93% Memory free 5.72 Gb Paging File | 4.59 Gb Available in Paging File | 80.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58.22 Gb Total Space | 23.11 Gb Free Space | 39.70% Space Free | Partition Type: NTFS Drive D: | 174.56 Gb Total Space | 106.92 Gb Free Space | 61.25% Space Free | Partition Type: NTFS Computer Name: LPLJELZ4814 | User Name: gayerba | NOT logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/12/11 00:11:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\users\gayerba\Desktop\OTL.exe PRC - [2012/04/19 01:00:12 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe PRC - [2010/03/12 19:27:12 | 001,119,048 | ---- | M] (Smith Micro Software, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/11/28 11:29:48 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll MOD - [2012/11/28 11:28:45 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\571e329ec4de8476024e07293d3985c1\System.Core.ni.dll MOD - [2012/11/27 19:58:47 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5a589b643ba2e73a04870e008cb23af2\PresentationFramework.Classic.ni.dll MOD - [2012/11/27 19:58:16 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d94dbbd0c84e503a6a1d192f768b45c8\PresentationFramework.ni.dll MOD - [2012/11/27 19:58:03 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll MOD - [2012/11/27 19:57:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll MOD - [2012/11/27 19:57:53 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46f9cb63a99278b3dd7d91766bf4969e\PresentationCore.ni.dll MOD - [2012/11/27 19:57:41 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll MOD - [2012/11/27 19:57:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll MOD - [2012/11/27 19:57:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll MOD - [2012/11/27 19:57:31 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll MOD - [2012/11/27 19:57:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll MOD - [2010/03/12 19:27:20 | 000,136,040 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll MOD - [2010/03/12 19:26:32 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\pl\SmithMicro.SharedUI.WPF.resources.dll MOD - [2010/03/12 19:26:00 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll MOD - [2010/03/12 19:25:54 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\pl\SmithMicro.UI.ViewModel.resources.dll MOD - [2010/03/12 19:25:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll MOD - [2010/03/12 19:25:40 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll MOD - [2010/03/12 19:25:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll MOD - [2010/03/12 19:25:32 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\pl\SmithMicro.Application.resources.dll MOD - [2010/03/12 19:25:28 | 000,355,328 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll MOD - [2010/03/12 19:24:44 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\pl\SmithMicro.Resources.WPF.resources.dll MOD - [2010/03/12 19:24:40 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll MOD - [2010/03/12 19:24:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll MOD - [2010/03/12 19:24:14 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll MOD - [2010/03/12 19:24:14 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013/01/17 18:45:16 | 000,408,888 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider) SRV:[b]64bit:[/b] - [2013/01/17 18:37:41 | 002,111,800 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient) SRV:[b]64bit:[/b] - [2013/01/17 18:28:17 | 000,318,264 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe -- (AeXAgentSrvHost) SRV:[b]64bit:[/b] - [2013/01/16 08:49:40 | 000,261,632 | ---- | M] () [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe -- (ConfigService) SRV:[b]64bit:[/b] - [2010/01/27 14:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:[b]64bit:[/b] - [2009/12/16 14:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:[b]64bit:[/b] - [2009/11/18 03:19:46 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (nsi) SRV:[b]64bit:[/b] - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (NlaSvc) SRV:[b]64bit:[/b] - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (lmhosts) SRV:[b]64bit:[/b] - [2009/07/08 12:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:[b]64bit:[/b] - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Unknown] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe -- (AESTFilters) SRV:[b]64bit:[/b] - [2003/11/28 12:24:54 | 000,249,856 | ---- | M] (DameWare Development) [On_Demand | Unknown] -- C:\Windows\SysNative\DWRCS.EXE -- (DWMRCS) SRV - [2013/04/09 15:02:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/03/09 04:19:36 | 001,654,376 | ---- | M] (IBM Corp) [Auto | Unknown] -- c:\Program Files (x86)\Lotus\Notes\SUService.exe -- (LNSUSvc) SRV - [2013/03/09 04:18:24 | 000,037,480 | ---- | M] (IBM Corp) [Auto | Unknown] -- c:\Program Files (x86)\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2013/03/09 04:18:06 | 000,057,448 | ---- | M] (IBM Corp) [Auto | Unknown] -- c:\Program Files (x86)\Lotus\Notes\nslsvice.exe -- (IBM Notes Single Logon) SRV - [2013/03/09 04:17:56 | 005,162,088 | ---- | M] (IBM) [Auto | Unknown] -- c:\Program Files (x86)\Lotus\Notes\nsd.exe -- (IBM Notes Diagnostics) SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/04/19 01:00:16 | 002,601,544 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService) SRV - [2012/04/19 01:00:16 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC) SRV - [2012/04/19 01:00:12 | 000,137,208 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService) SRV - [2012/04/02 06:51:40 | 000,797,576 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe -- (awhost32) SRV - [2011/03/06 18:27:00 | 004,298,256 | ---- | M] (Check Point Software Technologies) [Auto | Unknown] -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe -- (TracSrvWrapper) SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Unknown] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/12 19:27:18 | 000,082,760 | ---- | M] (Smith Micro Software, Inc.) [Auto | Unknown] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe -- (SMManager) SRV - [2010/03/04 23:38:02 | 000,071,096 | ---- | M] () [Auto | Unknown] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010/01/19 08:58:12 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Unknown] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe -- (QDLService2kHP) SRV - [2009/11/18 03:19:46 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe -- (STacSV) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Unknown] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe -- (AESTFilters) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/08/15 10:52:26 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant) DRV:[b]64bit:[/b] - [2012/08/14 11:22:53 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2012/04/19 01:00:18 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Unknown] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2012/04/19 01:00:18 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Unknown] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2012/04/19 01:00:18 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2012/04/19 01:00:18 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS) DRV:[b]64bit:[/b] - [2012/04/19 01:00:18 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2012/04/19 01:00:18 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX) DRV:[b]64bit:[/b] - [2012/04/19 01:00:16 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2) DRV:[b]64bit:[/b] - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2010/09/21 10:56:12 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010/08/31 11:03:21 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010/08/31 11:03:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2010/08/31 11:03:19 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2010/08/31 11:02:58 | 000,503,296 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2010/08/31 11:00:53 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2010/08/31 11:00:12 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2010/01/19 08:53:46 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\qcusbnethp2k.sys -- (qcusbnethp2k) DRV:[b]64bit:[/b] - [2010/01/19 08:53:46 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\qcusbserhp2k.sys -- (qcusbserhp2k) DRV:[b]64bit:[/b] - [2010/01/19 08:53:46 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\qcfilterhp2k.sys -- (qcfilterhp2k) DRV:[b]64bit:[/b] - [2010/01/07 09:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:[b]64bit:[/b] - [2009/12/30 16:25:54 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\vnaap.sys -- (vna_ap) DRV:[b]64bit:[/b] - [2009/10/10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2009/10/02 19:23:28 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:[b]64bit:[/b] - [2009/09/19 05:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:[b]64bit:[/b] - [2009/09/19 05:30:14 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:[b]64bit:[/b] - [2009/09/19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:[b]64bit:[/b] - [2009/09/19 05:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:[b]64bit:[/b] - [2009/09/17 18:05:22 | 001,805,104 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:[b]64bit:[/b] - [2009/07/20 14:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2009/07/08 12:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:[b]64bit:[/b] - [2009/07/08 12:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:[b]64bit:[/b] - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:[b]64bit:[/b] - [2009/02/13 20:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:[b]64bit:[/b] - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2013/12/03 01:22:24 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20131203.011\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/11/29 12:44:29 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/11/29 12:44:28 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/11/13 18:41:00 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20131207.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/09/23 11:22:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20131210.004\ex64.sys -- (NAVEX15) DRV - [2013/09/23 11:22:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20131210.004\eng64.sys -- (NAVENG) DRV - [2012/04/19 01:00:16 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl) DRV - [2009/11/12 14:48:58 | 000,005,504 | ---- | M] () [File_System | On_Demand | Unknown] -- C:\Windows\SysWow64\StarOpen.sys -- (StarOpen) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.numico.net;*.danweb.danet;*.numico.com;10.*;195.*;*.danet;172.*; IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.plwar.danet:8080 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: c:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@radvision.com/ConfClient: D:\users\gayerba\AppData\Local\Radvision\Installer\1.5.0.1\npclientinstmgr.dll (RADVISION Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF [2013/09/29 18:17:53 | 000,000,000 | ---D | M] [2011/04/28 19:24:12 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe (Hewlett-Packard) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IPCheckTool] C:\Program Files (x86)\IPCheckTool\IPCheck.exe (Microsoft) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Check Point Endpoint Security] C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Connection Manager.exe] File not found O4 - HKCU..\Run: [CUCore Agent] D:\users\gayerba\AppData\Local\Radvision\Conference Client\7.16.000.26\confagent.exe (RADVISION Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = plwar.danet O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F851EA7-E5A3-479B-91DB-53532E41A640}: DhcpNameServer = 10.84.12.42 10.84.18.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{887D5B73-A82D-4C75-813E-5ACB08B51056}: NameServer = 217.116.104.104 217.116.100.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA170C4C-DC17-4CC1-A191-0DE5B802BD40}: DhcpNameServer = 8.8.8.8 8.8.4.4 O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\saphtmlp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\sapr3 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O20:[b]64bit:[/b] - AppInit_DLLs: (AMINIT64.DLL) - C:\Windows\SysNative\AMInit64.dll (Altiris Inc) O20 - AppInit_DLLs: (AMINIT32.DLL) - C:\Windows\SysWow64\AMInit32.dll (Altiris Inc) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation) O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{65463897-f92f-11df-b971-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{65463897-f92f-11df-b971-00a0c6000000}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{a268585a-f93e-11df-802e-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{a268585a-f93e-11df-802e-00a0c6000000}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/12/11 00:12:22 | 000,000,000 | ---D | C] -- C:\FRST [2013/12/11 00:11:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\users\gayerba\Desktop\OTL.exe [2013/12/11 00:11:20 | 001,928,212 | ---- | C] (Farbar) -- d:\users\gayerba\Desktop\FRST64.exe [2013/12/10 23:46:54 | 000,060,016 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\ha2ge3.zvv [2013/12/10 23:46:02 | 000,212,992 | ---- | C] (Корпорация Майкрософт) -- C:\ProgramData\3eg2ah.jss [2013/12/09 10:24:59 | 000,000,000 | ---D | C] -- d:\users\gayerba\AppData\Roaming\smkits [2013/12/06 14:48:06 | 000,000,000 | ---D | C] -- d:\users\gayerba\Documents\2014 [2013/11/21 14:18:34 | 000,000,000 | ---D | C] -- d:\users\gayerba\Documents\SAP [2013/11/21 14:18:34 | 000,000,000 | ---D | C] -- d:\users\gayerba\AppData\Roaming\SAP [2013/11/21 14:18:34 | 000,000,000 | ---D | C] -- d:\users\gayerba\AppData\Local\SAP [2013/11/21 13:49:45 | 000,114,688 | ---- | C] (heilerSoftware) -- C:\Windows\SysWow64\h5dlg32.dll [2013/11/21 13:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End [2013/11/21 13:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SAP Shared [2013/11/21 13:49:24 | 004,331,520 | ---- | C] (SAP AG) -- C:\Windows\SysWow64\librfc32.dll [2013/11/21 13:48:59 | 001,708,168 | ---- | C] (SAP, Walldorf) -- C:\Windows\SysWow64\SAPbtmp.dll [1 d:\users\gayerba\AppData\Local\*.tmp files -> d:\users\gayerba\AppData\Local\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/12/11 00:11:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\users\gayerba\Desktop\OTL.exe [2013/12/11 00:11:25 | 001,928,212 | ---- | M] (Farbar) -- d:\users\gayerba\Desktop\FRST64.exe [2013/12/10 23:59:27 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/12/10 23:59:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/12/10 23:59:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/12/10 23:55:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/12/10 23:54:54 | 2304,094,208 | -HS- | M] () -- C:\hiberfil.sys [2013/12/10 23:51:41 | 095,025,368 | ---- | M] () -- C:\ProgramData\ha2ge3.fee [2013/12/10 23:51:35 | 000,000,273 | ---- | M] () -- C:\ProgramData\ha2ge3.reg [2013/12/10 23:51:34 | 000,000,000 | ---- | M] () -- C:\ProgramData\ha2ge3.odd [2013/12/10 23:46:04 | 000,000,919 | ---- | M] () -- d:\users\gayerba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ha2ge3.lnk [2013/12/10 23:46:02 | 000,212,992 | ---- | M] (Корпорация Майкрософт) -- C:\ProgramData\3eg2ah.jss [2013/12/10 23:42:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/12/10 10:26:30 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/12/10 10:26:30 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/29 12:37:57 | 000,346,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/11/29 12:25:11 | 000,009,756 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.ukzv9d [2013/11/29 12:03:01 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.gsabba [2013/11/29 11:07:13 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.ow2zdk [2013/11/29 09:23:11 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.tfppm2 [2013/11/28 12:12:51 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.2cbthv [2013/11/28 12:12:48 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.q8xjxz [2013/11/28 08:41:29 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.q4qyx8 [2013/11/27 09:09:24 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.k3d4bj [2013/11/25 14:08:34 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.55azyf [2013/11/22 09:01:47 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.drna58 [2013/11/21 08:55:03 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.zy8xvt [2013/11/19 11:25:55 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.wquius [2013/11/19 08:46:22 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.nxdbtv [2013/11/18 14:07:06 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.dpb9ou [2013/11/18 14:07:06 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.8745hw [2013/11/18 11:36:03 | 000,009,987 | ---- | M] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.vk7jga [1 d:\users\gayerba\AppData\Local\*.tmp files -> d:\users\gayerba\AppData\Local\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/12/10 23:46:59 | 000,000,273 | ---- | C] () -- C:\ProgramData\ha2ge3.reg [2013/12/10 23:46:04 | 000,000,919 | ---- | C] () -- d:\users\gayerba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ha2ge3.lnk [2013/12/10 23:46:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\ha2ge3.odd [2013/12/10 23:46:03 | 095,025,368 | ---- | C] () -- C:\ProgramData\ha2ge3.fee [2013/11/29 12:25:11 | 000,009,756 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.ukzv9d [2013/11/29 12:03:01 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.gsabba [2013/11/29 11:07:13 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.ow2zdk [2013/11/29 09:23:11 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.tfppm2 [2013/11/28 12:12:51 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.2cbthv [2013/11/28 12:12:48 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.q8xjxz [2013/11/28 08:41:29 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.q4qyx8 [2013/11/27 09:09:24 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.k3d4bj [2013/11/25 14:08:34 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.55azyf [2013/11/22 09:01:47 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.drna58 [2013/11/21 13:49:45 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll [2013/11/21 13:49:45 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll [2013/11/21 13:49:45 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll [2013/11/21 13:49:45 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll [2013/11/21 13:49:45 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll [2013/11/21 08:55:03 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.zy8xvt [2013/11/19 11:25:55 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.wquius [2013/11/19 08:46:22 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.nxdbtv [2013/11/18 14:07:06 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.dpb9ou [2013/11/18 14:07:06 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.8745hw [2013/11/18 11:36:03 | 000,009,987 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.vk7jga [2013/10/30 09:54:41 | 000,001,263 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.pbae74 [2013/10/30 08:16:35 | 000,001,263 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.r3r8b5 [2013/10/28 11:11:38 | 000,000,065 | ---- | C] () -- C:\Windows\notes.ini [2013/10/28 08:52:10 | 000,001,263 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.vxerqf [2013/10/28 08:23:29 | 000,001,263 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.g4dedw [2013/09/23 12:12:33 | 000,010,746 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.szes5s [2013/09/23 12:12:33 | 000,010,746 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.oqekqq [2013/09/23 11:17:54 | 000,010,746 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.n6fvbk [2013/09/17 06:07:07 | 000,004,306 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.zd4pb2 [2013/09/16 09:11:38 | 000,010,746 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.vxx3ji [2013/09/05 12:30:50 | 000,004,306 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.8trpvu [2013/08/13 08:33:57 | 000,010,718 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.ysf7vm [2013/08/01 14:50:45 | 000,010,718 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.qw7wka [2013/07/01 07:59:27 | 000,010,718 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.gx7u4p [2013/06/25 17:02:46 | 000,010,786 | ---- | C] () -- d:\users\gayerba\AppData\Local\CPAUTO.tmp.tozgp8 [2013/02/07 14:52:07 | 000,042,195 | ---- | C] () -- d:\users\gayerba\PET.pdf [2013/02/07 13:49:10 | 000,042,705 | ---- | C] () -- d:\users\gayerba\Olefins.pdf [2013/01/11 11:27:52 | 001,597,200 | ---- | C] () -- d:\users\gayerba\20130109_203303.jpg [2012/08/21 07:09:33 | 000,060,864 | ---- | C] () -- d:\users\gayerba\g2mdlhlpx.exe [2011/12/27 12:17:49 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/12/27 12:17:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/03/01 08:33:15 | 000,003,094 | RHS- | C] () -- d:\users\gayerba\ntuser.pol [2010/11/23 17:05:59 | 000,056,186 | RHS- | C] () -- C:\ProgramData\ntuser.pol [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2011/08/30 06:21:15 | 014,164,480 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011/08/30 05:28:32 | 012,868,096 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013/05/17 21:04:46 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\BESTplayer [2010/12/06 21:36:20 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\Canneverbe Limited [2010/11/26 08:46:03 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\CheckPoint [2010/11/26 21:36:59 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\Gadu-Gadu [2012/11/28 19:48:38 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\Nokia [2010/12/03 14:55:09 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\PC Suite [2013/11/21 14:18:53 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\SAP [2013/12/09 10:24:59 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\smkits [2013/04/25 09:31:16 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\TeamViewer [2012/05/16 15:45:50 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\webex [2010/12/02 21:45:57 | 000,000,000 | ---D | M] -- d:\users\gayerba\AppData\Roaming\Western Digital [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010/11/23 17:06:25 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\瞝ƜɊ [2010/11/23 17:06:25 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\瞝ƜɊ [2010/11/23 17:01:39 | 000,000,052 | ---- | M] ()(C:\Windows\???L) -- C:\Windows\矐Ɯ£ [2010/11/23 17:01:39 | 000,000,052 | ---- | C] ()(C:\Windows\???L) -- C:\Windows\矐Ɯ£ [2010/11/23 15:36:50 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\睄Ɯɉ [2010/11/23 15:36:50 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\睄Ɯɉ [2010/11/23 15:19:25 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\相Ɯɐ [2010/11/23 15:19:25 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\相Ɯɐ [2010/11/23 14:56:31 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\睏Ɯɬ [2010/11/23 14:56:31 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\睏Ɯɬ [2010/09/14 14:46:46 | 000,000,104 | ---- | M] ()(C:\Windows\????) -- C:\Windows\矦Ɯɦ [2010/09/14 14:46:41 | 000,000,104 | ---- | C] ()(C:\Windows\????) -- C:\Windows\矦Ɯɦ < End of report >