Trojan.Generic.KDZ.11309

Konboj · 19 Marca 2013

Kłaniam się.

Mam problem - wczoraj rozesłąny w linku przez skype aktywował mi się wirus z tematu. Nie mogę sobie z nim poradzić.

Avast którego używam przy pełnym skanie nie widzi żadnych zainfekowanych plików. Typ Trojana wykrył Bittdefender online

ale nie mogę nim przeskanować systemu. W tej chwili wygląda to tak że teoretycznie system zachowuje się normalnie

choć strzsznie przymula. Problem największy jest z podłącznym dyskiem zewnętrznym. To jest dysk 2TB z czego ponad 500GB było zajęte. Trojan spowodował że nie widać na nim żadnych plików pomimo że dane teoretycznie były ponad 500GB. Sformatowałęm ten dysk i jak tworze katalog z nazwą wcześniej istniejącą to ona automatycznie znika. Wszelkie fodery z nazwami innymi aniżeli te które były są akceptowane i zapisywane. Dodatkowo przegladarka i system jak wspomniałęm "przymula". Avast czasem wyrzuca komunikaty o wirusie lecz nie przy pełnym skanie. Krzystałem i utworzyłęm raport z combofixa ponieważ chciałęm na inny portel wrzucić moją prośbę. Jednak zdecydowałęm się na ten portal bo zdaje się że ma najlepszą opinię. Załączam wymagane logi

+ dodatkowo log z combofixa.

Poniżej raport z Security Check

Results of screen317's Security Check version 0.99.61

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Internet Security

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java™ 6 Update 20

Java 7 Update 13

Java version out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 10.1.6 Adobe Reader out of Date!

Mozilla Firefox (19.0.2)

Google Chrome 25.0.1364.172

````````Process Check: objlist.exe by Laurent````````

TOSHIBA TOSHIBA Online Product Information TOPI.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast afwServ.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Acha avast wyrzucił tylko wykaz plików których nie skanował w pełnym raporcie

Liczę na pomoc - w razie akichkolwiek dodatkowych danych czekam na info

Z góry dziękuję

pzdr

Konboj

Landuss · 21 Marca 2013

Problem największy jest z podłącznym dyskiem zewnętrznym. To jest dysk 2TB z czego ponad 500GB było zajęte. Trojan spowodował że nie widać na nim żadnych plików pomimo że dane teoretycznie były ponad 500GB. Sformatowałęm ten dysk i jak tworze katalog z nazwą wcześniej istniejącą to ona automatycznie znika. Wszelkie fodery z nazwami innymi aniżeli te które były są akceptowane i zapisywane.

Potrzebny będzie dodatkowy log - Przy podpiętym urządzeniu przenośnym, uruchom USBFix z opcji Listing i pokaż wynikowy raport.

Konboj · 21 Marca 2013

Kłaniam się

Poniżej log z Usbfix. W tej chwili wygląda to tak że Bittdefender też nie wykrywa wirusa a go nie usuwałem żadnym narzędziem.

Jak wspmniałęm wirus wpadł przez link ze skype. Obecnie sytuacja wygląda tak że laptop jest coraz bardziej zamulony.

Teoretycznie w tej chwili mogę tworzyć foldery o starych nazwach na dysku przenośnym i są widoczne. Ale jak wspomniałęm

straszliwie wolno chodzi system i wszelkie programy. Aplikacje z pilkami dzwiękowymi od wczoraj praktycznie nie można słuchać

(zarówno pliki muzyczno filmowe zapisane na dysku jak i odtwarzane online) ponieważ jest straszliwy metaliczny pogłos i przeciągania.

############################## | UsbFix V 7.116 | [Listing]

User: Konrad (Administrator) # KONRAD-TOSH

Updated 16/03/2013 by El Desaparecido

Started at 17:02:35 | 21/03/2013

PC: TOSHIBA (SATELLITE L750D) (x64-based PC)

CPU: AMD A6-3400M APU with Radeon™ HD Graphics (1400)

RAM -> [Total : 5607 | Free : 3065]

BIOS: InsydeH2O Version CCB.03.61.111.20

BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1

WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: avast! Internet Security [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 297 Gb (120 Mb free - 40%) [WINDOWS] # NTFS

D:\ -> Fixed drive # 298 Gb (287 Mb free - 96%) [Data] # NTFS

E:\ -> CD-ROM

F:\ -> Fixed drive # 1863 Gb (1861 Mb free - 100%) [segate] # NTFS

################## | Listing |

[21/03/2013 - 08:42:49 | SHD ] C:\$RECYCLE.BIN

[19/03/2013 - 07:58:02 | D ] C:\Config.Msi

[14/07/2009 - 05:08:56 | SHD ] C:\Documents and Settings

[20/03/2013 - 16:00:48 | ASH | 4409417728] C:\hiberfil.sys

[10/10/2012 - 14:16:18 | RD ] C:\MSOCache

[20/03/2013 - 16:00:50 | ASH | 5879226368] C:\pagefile.sys

[14/07/2009 - 03:20:08 | D ] C:\PerfLogs

[10/03/2013 - 21:35:08 | RD ] C:\Program Files

[19/03/2013 - 07:53:58 | D ] C:\Program Files (x86)

[08/03/2013 - 01:44:30 | D ] C:\ProgramData

[19/03/2013 - 17:07:17 | D ] C:\Qoobox

[14/06/2011 - 19:29:41 | AH | 70] C:\SWSTAMP.TXT

[20/03/2013 - 03:00:27 | SHD ] C:\System Volume Information

[09/09/2012 - 10:54:15 | D ] C:\Toshiba

[21/03/2013 - 17:02:37 | D ] C:\UsbFix

[21/03/2013 - 17:02:37 | A | 1762] C:\UsbFix [Listing 1 ] KONRAD-TOSH.txt

[04/11/2012 - 02:56:16 | A | 751] C:\user.js

[08/09/2012 - 11:50:15 | RD ] C:\Users

[20/03/2013 - 03:18:09 | D ] C:\Windows

[08/09/2012 - 13:00:38 | D ] D:\$RECYCLE.BIN

[23/06/2011 - 21:25:28 | D ] D:\HDDRecovery

[23/06/2011 - 22:19:11 | A | 11] D:\R15744NH.tag

[17/08/2011 - 20:24:41 | SHD ] D:\System Volume Information

[19/03/2013 - 19:43:43 | SHD ] F:\$RECYCLE.BIN

[20/03/2013 - 03:18:23 | SHD ] F:\System Volume Information

################## | E.O.F |

Ps. W jakim formacie mogę tutaj wstawić PrtScn - mam zrobione z aktywności wirusa + z avasta z virus chest listę obiektów które zostały zaatakowane. Być ,oże będą to przydatne informacje.

pzdr

Konrad

Konboj · 22 Marca 2013

Kłaniam się

Dzisiaj wszelkie aplikacje z plikami dzwiękowymi funkcjonują prawidłowo. Nie ogarniam działąnia tego wirusa.

Ps. W jakim formacie mogę tutaj wstawić PrtScn - mam zrobione z aktywności wirusa + z avasta z virus chest listę obiektów które zostały zaatakowane. Być ,oże będą to przydatne informacje.

pzdr

Konrad

Landuss · 24 Marca 2013

Ps. W jakim formacie mogę tutaj wstawić PrtScn - mam zrobione z aktywności wirusa + z avasta z virus chest listę obiektów które zostały zaatakowane. Być ,oże będą to przydatne informacje.

Wstaw na jakiś zewnętrzny hosting, a tutaj wklej linka do niego.

Generalnie ja w logach infekcji nie notuję, są tylko niewielkie śmieci, które usuniemy.

1. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://search.bearshare.net"
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=225&systemid=1&sr=0&q=%7BsearchTerms%7D"
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=117&systemid=101&sr=0&q=%7BsearchTerms%7D"
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = "http://dts.search-results.com/sr?src=ieb&gct=ds&appid=20&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2986824105004404&q=%7BsearchTerms%7D"
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&gct=ds&appid=113&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6005735685164270&q=%7BsearchTerms%7D"
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = "http://searchfunmoods.com/results.php?f=4&q=%7BsearchTerms%7D&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0Fzz0F0A0D0E0CtC0A0DtDtN0D0Tzu0CtAyCtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=538011529"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = "http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=Hitachi_HTS547564A9E384_110619J23A0053C44GBNX&ts=1350693649"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://search.bearshare.net"
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=225&systemid=1&sr=0&q=%7BsearchTerms%7D"
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=117&systemid=101&sr=0&q=%7BsearchTerms%7D"
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = "http://dts.search-results.com/sr?src=ieb&gct=ds&appid=20&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2986824105004404&q=%7BsearchTerms%7D"
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&gct=ds&appid=113&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6005735685164270&q=%7BsearchTerms%7D"
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q=%7BsearchTerms%7D&barid=%7B6F27DB46-FCE1-44D6-A1EF-7A8C2E952435%7D"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntrId=1af71ad0000000000000e0ca944c65e9"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "http://www.delta-search.com/?q=%7BsearchTerms%7D&affID=119828&babsrc=SP_ss&mntrId=1af71ad0000000000000e0ca944c65e9"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = "http://search.v9.com/web/?q=%7BsearchTerms%7D"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{58C890FD-760C-4087-95FE-F774EF56EDAD}: "URL" = "http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q=%7BsearchTerms%7D&locale=en_UK&apn_ptnrs=%5EU3&apn_dtid=%5EYYYYYY%5EYY%5EGB&apn_uid=84E12E48-AAC5-49EF-99E0-8881916008A3&apn_sauid=56A57682-B147-48DB-8E97-6E7A50978109"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=225&systemid=1&sr=0&q=%7BsearchTerms%7D"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=117&systemid=101&sr=0&q=%7BsearchTerms%7D"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = "http://dts.search-results.com/sr?src=ieb&gct=ds&appid=20&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2986824105004404&q=%7BsearchTerms%7D"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&gct=ds&appid=113&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6005735685164270&q=%7BsearchTerms%7D"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = "http://mystart.incredibar.com/mb187?a=(6R8KbuD9YP)&search={searchTerms}&i=26"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{EAEFABA5-4EFE-4522-8368-101B4886A572}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q=%7BsearchTerms%7D&SearchSource=4&ctid=CT3220468"
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q=%7BsearchTerms%7D&barid=%7B6F27DB46-FCE1-44D6-A1EF-7A8C2E952435%7D"
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8664889D-ED18-4713-918F-E2BB69D8452B} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{11111111-1111-1111-1111-110211181110} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8664889D-ED18-4713-918F-E2BB69D8452B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
 
:Files
C:\Program Files\IB Updater
 
:Commands
[emptytemp]

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

2. Przez Panel sterowania odinstaluj: Yontoo 1.10.03 / uTorrentControl_v2 Toolbar / Ask Toolbar / Ask Toolbar Updater

Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox.

3. Uruchom AdwCleaner z opcji Delete

4. Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowy log z OTL (bez extras)

Konboj · 24 Marca 2013

Kłaniam się

Wykonałem zalecenia. Poniżej wklejam log z OTL po wykonaniu zaleceń. Prawdopodobnie z wirusem już jest ok. Był u mnie znajomy informatyk któremu wysyłąłęm również logi i on też nie widział żadnych infekcji. Ale jak wspomniałem był, posiedział i udało mu się poddać zainfekowane pliki z HD przenośnego kwarantannie i usunąć. Mam nadzieję żę jest ok bo nic nie wskazuje już na jego obecność. Nawet sztucznie w tej chwili nie mogę wywołać tego wirusa co wcześniej robiłem i miałęm na prtsc. Poniżej log i jeżeli jeszcze mam wykonać jakieś zalecenia to daj znać Wielkie dzieki Landuss - msolidna robota . Choć lapek jeszcze trochę przymula

OTL logfile created on: 2013-03-24 18:26:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Konrad\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

5,48 Gb Total Physical Memory | 3,68 Gb Available Physical Memory | 67,30% Memory free
10,95 Gb Paging File | 8,75 Gb Available in Paging File | 79,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,45 Gb Total Space | 45,23 Gb Free Space | 15,21% Space Free | Partition Type: NTFS
Drive D: | 298,33 Gb Total Space | 286,89 Gb Free Space | 96,17% Space Free | Partition Type: NTFS
Drive F: | 1863,02 Gb Total Space | 1860,54 Gb Free Space | 99,87% Space Free | Partition Type: NTFS

Computer Name: KONRAD-TOSH | User Name: Konrad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-03-24 18:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Konrad\Downloads\OTL(1).exe
PRC - [2013-03-24 17:11:00 | 001,037,648 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013-03-08 10:22:15 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-03-06 23:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-03-06 23:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013-01-31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-12-18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-07 13:50:52 | 002,172,864 | ---- | M] (IVONA Software Sp. z o.o.) -- C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
PRC - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-01-14 09:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010-12-03 12:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009-07-28 18:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009-03-10 16:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (No Company Name) ==========

MOD - [2013-03-08 10:22:14 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-05-30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-05-30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013-03-06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-03-06 23:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011-05-25 22:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-04-07 11:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011-04-05 17:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010-12-09 15:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010-12-08 13:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010-10-20 12:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010-09-22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-03-13 19:41:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-08 10:22:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-01-31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-12-18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-02-10 07:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011-01-14 09:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-11-29 12:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010-04-12 08:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010-03-18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-28 14:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-10 16:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-03-06 23:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-03-06 23:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-03-06 23:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-03-06 23:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-03-06 23:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-03-06 23:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-03-06 23:33:20 | 000,263,096 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013-03-06 23:33:20 | 000,127,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013-03-06 23:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-03-06 23:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-03-06 23:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012-09-21 09:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-03-01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011-10-01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011-10-01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011-10-01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011-05-25 23:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-05-25 21:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-05-13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011-05-13 02:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011-05-13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011-05-13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011-05-13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011-03-11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-09 09:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011-02-08 17:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011-02-03 17:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-01-27 13:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011-01-27 10:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010-12-17 17:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-12-01 14:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010-11-30 12:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010-11-21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-18 12:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010-09-24 05:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-06-18 14:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009-07-30 18:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009-07-14 13:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-19 17:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009-06-15 11:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009-06-10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009-06-10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009-06-10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{270E80E4-C168-4B44-9861-DE30FDB5C977}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{270E80E4-C168-4B44-9861-DE30FDB5C977}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{306C106B-ACAC-4E37-A041-39AEA910BB57}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_enGB500
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{71C9B581-7C15-4EB6-8289-B6136245108B}: "URL" = https://isearch.avg.com/search?cid={42BAE17D-ABB8-4917-9629-F930FAD47318}&mid=0278261bd325495d96bfca671236eed3-9cd3f5f5180a5124a32f513d96a75502bd23b1e5&lang=pl&ds=ik011&pr=&d=2013-01-13 14:30:49&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{7739AFE7-001F-4077-8B99-64C632D8A61B}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\..\SearchScopes\{B37EF9D6-12EF-42BE-9D5D-B013DE1B5403}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-192333895-627899723-595940092-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-14 19:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Konrad\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-14 13:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Konrad\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-02-19 16:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-08 10:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013-03-20 03:17:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Konrad\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-14 13:50:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Konrad\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-02-19 16:06:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-08 10:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013-02-22 18:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konrad\AppData\Roaming\Mozilla\Extensions
[2013-02-19 16:06:27 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Konrad\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
[2013-02-14 13:50:23 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Konrad\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
[2013-03-08 10:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-03-08 10:22:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-03-08 10:22:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-02-19 17:25:32 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-19 17:25:32 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-19 17:25:32 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-19 17:25:32 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-19 17:25:32 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-19 17:25:32 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=1AF7E0CA944C65E9
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1_1\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5_0\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5_1\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_1\
CHR - Extension: No name found = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-03-19 17:02:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVONA Software Sp. z o.o.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8664889D-ED18-4713-918F-E2BB69D8452B} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-192333895-627899723-595940092-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.)
O4 - HKU\S-1-5-21-192333895-627899723-595940092-1001..\Run: [iVONA ControlCenter] C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVONA Software Sp. z o.o.)
O4 - HKU\S-1-5-21-192333895-627899723-595940092-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-192333895-627899723-595940092-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O4 - Startup: C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4L68NJ Product Registration.lnk = C:\Users\Konrad\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4L68NJ Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-192333895-627899723-595940092-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE4F2353-C0D7-474F-8C6A-80ABC7ED3D6D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-03-24 17:14:50 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-03-24 17:14:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-03-24 17:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013-03-24 17:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013-03-24 17:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013-03-24 17:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013-03-24 17:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013-03-24 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Desktop\Stare dane programu Firefox
[2013-03-24 16:45:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-03-22 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\player
[2013-03-22 21:01:49 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Supreme Savings
[2013-03-22 10:08:03 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-03-22 10:08:03 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-03-19 17:43:52 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Desktop\logi
[2013-03-19 17:22:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-03-19 16:52:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013-03-19 16:38:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-03-19 16:38:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-03-19 16:38:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-03-19 16:36:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-03-19 16:33:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-03-19 15:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013-03-19 15:32:42 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\QuickScan
[2013-03-19 07:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-03-14 19:35:57 | 000,263,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013-03-14 19:35:57 | 000,127,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013-03-14 19:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013-03-14 15:27:08 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Desktop\foto
[2013-03-14 03:03:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-03-14 03:03:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-03-14 03:03:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-03-14 03:03:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-03-14 03:03:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-03-14 03:03:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-03-14 03:03:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-03-14 03:03:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-03-14 03:03:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-03-14 03:03:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-03-14 03:03:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-03-14 03:03:42 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-03-14 03:03:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-03-14 03:03:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-03-14 03:03:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-03-13 19:40:33 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013-03-13 17:08:54 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\{CCB87898-147A-4457-AC33-7DD474B9E088}
[2013-03-10 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\Konrad\.thumbnails
[2013-03-10 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\fontconfig
[2013-03-10 19:57:13 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\gegl-0.2
[2013-03-10 19:57:13 | 000,000,000 | ---D | C] -- C:\Users\Konrad\.gimp-2.8
[2013-03-08 10:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-03-07 21:32:33 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\PhotoScape
[2013-02-28 20:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-02-28 20:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013-02-28 03:00:56 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013-02-28 03:00:56 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013-02-28 03:00:56 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013-02-28 03:00:56 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013-02-28 03:00:51 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-02-28 03:00:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-02-28 03:00:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-02-28 03:00:44 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013-02-28 03:00:44 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-02-28 03:00:44 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-02-28 03:00:44 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-02-28 03:00:44 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-02-28 03:00:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-02-28 03:00:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-02-28 03:00:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-02-28 03:00:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013-02-28 03:00:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013-02-28 03:00:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013-02-28 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013-02-28 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013-02-28 03:00:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013-02-28 03:00:42 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013-02-28 03:00:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-02-28 03:00:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-02-28 03:00:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-02-28 03:00:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-02-28 03:00:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-02-28 03:00:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-02-28 03:00:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-02-28 03:00:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-02-28 03:00:41 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013-02-28 03:00:41 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013-02-28 03:00:41 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013-02-28 03:00:40 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013-02-28 03:00:39 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013-02-28 03:00:39 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013-02-28 03:00:39 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013-02-28 03:00:38 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013-02-28 03:00:38 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013-02-28 03:00:37 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013-02-28 03:00:36 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013-02-25 19:48:42 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\BESTplayer
[2013-02-25 19:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

========== Files - Modified Within 30 Days ==========

[2013-03-24 18:37:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-24 18:09:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-24 18:07:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-24 18:07:42 | 114,450,431 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-24 18:06:47 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-24 18:06:47 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-24 18:06:28 | 000,000,173 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013-03-24 17:58:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-24 17:42:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-03-24 17:14:27 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-03-24 17:14:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013-03-24 17:14:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013-03-24 17:14:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-03-24 17:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-03-24 17:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-03-24 17:11:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013-03-24 17:07:25 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013-03-23 08:06:53 | 000,614,670 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-23 08:06:53 | 000,105,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-23 03:28:46 | 000,765,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-03-23 03:28:36 | 000,765,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-22 06:35:35 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013-03-21 20:00:17 | 000,001,350 | ---- | M] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4L68NJ Product Registration.lnk
[2013-03-21 18:12:01 | 000,417,322 | ---- | M] () -- C:\Users\Konrad\Desktop\Dok2.pdf
[2013-03-21 18:06:13 | 000,199,168 | ---- | M] () -- C:\Users\Konrad\AppData\Roaming\7076.exe
[2013-03-21 18:01:43 | 000,250,244 | ---- | M] () -- C:\Users\Konrad\Desktop\Dok1.pdf
[2013-03-20 17:10:26 | 000,345,997 | ---- | M] () -- C:\Users\Konrad\Desktop\pliki nieskamowane.pdf
[2013-03-20 17:09:44 | 000,342,472 | ---- | M] () -- C:\Users\Konrad\Documents\pliki nieskamowane.pdf
[2013-03-20 03:19:27 | 000,002,242 | ---- | M] () -- C:\Users\Konrad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-03-19 17:35:20 | 000,000,000 | ---- | M] () -- C:\Users\Konrad\defogger_reenable
[2013-03-19 17:02:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-03-14 19:34:39 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013-03-13 19:40:58 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-03-13 19:40:58 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-03-13 19:40:33 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013-03-10 16:48:36 | 000,093,878 | ---- | M] () -- C:\Users\Konrad\Payslip Industrious.pdf
[2013-03-10 16:31:43 | 000,028,760 | ---- | M] () -- C:\Users\Konrad\payslip za 2012 PT.pdf
[2013-03-07 21:22:58 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013-03-06 23:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-03-06 23:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-03-06 23:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-03-06 23:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-03-06 23:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-03-06 23:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-03-06 23:33:20 | 000,263,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013-03-06 23:33:20 | 000,127,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013-03-06 23:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-03-06 23:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-03-06 23:33:20 | 000,022,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013-03-06 23:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-03-06 23:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-03-04 09:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013-03-04 08:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013-03-03 19:48:17 | 000,001,052 | ---- | M] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2013-02-28 20:47:10 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013-03-24 18:06:06 | 000,000,173 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013-03-24 17:07:25 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013-03-21 18:12:00 | 000,417,322 | ---- | C] () -- C:\Users\Konrad\Desktop\Dok2.pdf
[2013-03-21 18:01:10 | 000,250,244 | ---- | C] () -- C:\Users\Konrad\Desktop\Dok1.pdf
[2013-03-21 17:30:49 | 000,199,168 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\7076.exe
[2013-03-20 17:10:11 | 000,345,997 | ---- | C] () -- C:\Users\Konrad\Desktop\pliki nieskamowane.pdf
[2013-03-20 17:09:44 | 000,342,472 | ---- | C] () -- C:\Users\Konrad\Documents\pliki nieskamowane.pdf
[2013-03-19 17:35:20 | 000,000,000 | ---- | C] () -- C:\Users\Konrad\defogger_reenable
[2013-03-19 16:38:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-03-19 16:38:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-03-19 16:38:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-03-19 16:38:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-03-19 16:38:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-03-19 07:50:05 | 000,002,242 | ---- | C] () -- C:\Users\Konrad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-03-19 07:48:33 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-19 07:48:17 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-14 19:35:55 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-03-14 19:35:53 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-03-14 19:34:39 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013-03-10 16:48:36 | 000,093,878 | ---- | C] () -- C:\Users\Konrad\Payslip Industrious.pdf
[2013-03-10 16:31:43 | 000,028,760 | ---- | C] () -- C:\Users\Konrad\payslip za 2012 PT.pdf
[2013-03-07 21:22:38 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013-03-07 19:08:01 | 000,001,350 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4L68NJ Product Registration.lnk
[2013-02-28 20:47:10 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013-02-19 22:50:32 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013-02-19 22:50:32 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013-01-13 17:46:10 | 000,143,016 | ---- | C] () -- C:\Windows\hpoins44.dat
[2013-01-13 17:46:10 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2012-10-10 14:30:13 | 000,765,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-10-10 13:58:15 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2012-10-10 13:58:14 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
[2012-09-09 12:01:35 | 000,004,608 | ---- | C] () -- C:\Users\Konrad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-09-08 18:14:24 | 000,007,598 | ---- | C] () -- C:\Users\Konrad\AppData\Local\Resmon.ResmonCfg
[2011-08-17 21:09:51 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011-08-17 20:32:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-08-17 20:30:25 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-09-16 11:49:04 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013-02-25 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\BESTplayer
[2012-09-08 17:54:30 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\DriverCure
[2013-01-24 13:18:07 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\IVONA 2 Voice
[2013-01-13 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\IVONA ControlCenter
[2013-01-28 11:46:21 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\IVONA Reader
[2013-02-21 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\Leadertech
[2012-10-28 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\Moonchild Productions
[2012-09-09 12:01:08 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\MusicNet
[2013-02-18 23:50:08 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\NapiProjekt
[2013-01-01 20:00:28 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\Nico Mak Computing
[2013-03-07 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\PhotoScape
[2013-03-23 08:08:44 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\player
[2013-03-21 09:31:29 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\QuickScan
[2012-10-11 01:30:58 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\SoftGrid Client
[2013-02-19 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\SpeedanAlysis
[2012-09-08 17:54:30 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\SpeedyPC Software
[2012-10-09 14:55:41 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\Sports Interactive
[2013-02-14 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\StatusWinks
[2012-11-04 02:59:30 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\TFP
[2012-09-08 22:06:23 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\Toshiba
[2013-02-05 23:04:57 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\TOSHIBA Online Product Information
[2012-10-10 14:30:55 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\TP
[2013-03-24 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\uTorrent
[2012-09-08 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\WildTangent

========== Purity Check ==========

< End of report >

pzdr

Konrad

Landuss · 25 Marca 2013

To by było wszystko. Wykonaj kroki na zakończenie:

1. Użyj opcji Sprzątanie z OTL.

2. Opróżnij przywracanie systemu: KLIK

3. Zaktualizuj wymienione programy do najnowszych wersji:

"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI

Szczegóły aktualizacyjne: KLIK

Zaloguj się

Trojan.Generic.KDZ.11309

Rekomendowane odpowiedzi

Konboj

Odnośnik do komentarza

Landuss

Odnośnik do komentarza

Konboj

Odnośnik do komentarza

Konboj

Odnośnik do komentarza

Landuss

Odnośnik do komentarza

Konboj

Odnośnik do komentarza

Landuss

Odnośnik do komentarza

Ostatnio przeglądający 0 użytkowników

Przeglądaj

Cała aktywność