Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Notebook Toshiba Satellite C650-16N długie uruchamianie

kali91x 08 Kwi 2015 11:16 711 2
  • #1 08 Kwi 2015 11:16
    kali91x
    Poziom 2  

    Dzisiaj podjąłem ponowną próbę naprawy laptopa mojej siostry. Pierwsze podejście było 3 miesiące temu. Wtedy oczyściłem dysk ze zbędnych śmieci uporządkowałem autostart oraz zaaktualizowałem antywira który nie był aktualny. Problem pozostał. A więc bardzo długie uruchamianie, czarny ekran, dźwięk 'plumkania" dobiegający jakby z dysku. Po 3-5 minutach powoli pojawia się ekran Toshiby a później pulpit. Po 1 minucie dopiero dźwięk Windowsa. Każdy klik na ikony jest też spowolniony może o sekunde. Podejrzewałem dysk bo dźwięk plumkania dochodzi stamtąd lecz po pojawieniu się pulpitu jest cicho. Mojej drugiej siostry laptop też wydawał takie dźwięki ale dysk padł całkowicie a tutaj system pracuję normalnie poza tym, że długo się loguję do systemu. Problem jest taki sam w trybie awaryjnym. Proszę o pomoc bo na laptopach za bardzo się nie znam.

    0 2
  • #2 09 Kwi 2015 15:48
    kali91x
    Poziom 2  

    Dodaje raport z OTL

    OTL logfile created on: 2015-04-09 15:00:29 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = F:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17280)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    1,87 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 51,94% Memory free
    3,74 Gb Paging File | 2,72 Gb Available in Paging File | 72,74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,44 Gb Total Space | 75,61 Gb Free Space | 64,93% Space Free | Partition Type: NTFS
    Drive D: | 116,05 Gb Total Space | 57,86 Gb Free Space | 49,86% Space Free | Partition Type: NTFS
    Drive F: | 3,74 Gb Total Space | 2,24 Gb Free Space | 59,80% Space Free | Partition Type: FAT32

    Computer Name: TOSHIBA | User Name: Milena | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015-04-09 14:35:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
    PRC - [2015-03-17 13:01:53 | 000,704,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2015-03-17 13:01:53 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2015-03-17 13:01:52 | 000,703,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
    PRC - [2014-11-21 07:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014-11-21 07:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2012-06-13 15:07:05 | 000,224,096 | ---- | M] () -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    PRC - [2010-08-27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    PRC - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014-08-19 00:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)




    SRV:64bit: - [2010-02-05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009-07-28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009-04-30 17:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV - [2015-03-17 13:02:02 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2015-03-17 13:01:53 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2014-11-26 18:40:36 | 000,114,800 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014-11-21 07:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014-09-28 16:57:02 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014-03-21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2014-03-07 03:41:19 | 000,240,720 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Huawei E3372)
    SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2012-06-13 15:07:05 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
    SRV - [2011-03-14 17:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
    SRV - [2010-08-27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2010-05-11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
    SRV - [2010-01-28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2009-10-06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2015-04-09 14:52:43 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV:64bit: - [2015-03-17 13:01:54 | 000,132,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2015-03-17 13:01:54 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2015-03-17 13:01:53 | 000,128,536 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2013-02-12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012-12-24 22:55:30 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
    DRV:64bit: - [2012-06-13 15:07:10 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
    DRV:64bit: - [2012-06-13 15:07:10 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV:64bit: - [2012-06-13 15:07:10 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2012-06-13 15:07:10 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
    DRV:64bit: - [2012-06-13 15:07:10 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV:64bit: - [2012-06-13 15:07:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV:64bit: - [2012-06-13 15:07:09 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-10-17 13:39:50 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
    DRV:64bit: - [2010-06-23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010-04-28 11:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2010-03-22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2010-03-10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010-01-07 09:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009-07-30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009-07-14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009-06-10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-06-04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009-05-01 01:03:08 | 006,377,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2009-04-30 16:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009-04-30 16:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141006
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{AD92B719-5C59-41A5-9315-3D735319CADC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141006
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{A5C7CBD3-922B-4E8A-8C52-947A72797592}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141006
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{9DB0478E-901A-4703-BACA-7418DCCF9E57}: "URL" = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
    IE - HKCU\..\SearchScopes\{AD92B719-5C59-41A5-9315-3D735319CADC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{C85CED6C-DB72-42D1-B1DA-9B64A843216E}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.isUS: false
    FF - prefs.js..browser.startup.homepage: "www.google.pl"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Milena\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Milena\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014-12-28 21:51:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-12-28 21:51:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2014-12-28 21:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milena\AppData\Roaming\mozilla\Extensions
    [2015-02-05 16:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milena\AppData\Roaming\mozilla\Firefox\Profiles\bu9i77uq.default\extensions
    [2014-10-06 10:09:10 | 000,000,000 | ---D | M] ("Web Finder Pro") -- C:\Users\Milena\AppData\Roaming\mozilla\Firefox\Profiles\bu9i77uq.default\extensions\{9802047e-5a84-4da3-b103-c55995d147d1}
    [2014-10-06 10:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milena\AppData\Roaming\mozilla\Firefox\Profilesbu9i77uq.default\extensions
    [2014-10-06 10:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milena\AppData\Roaming\mozilla\Firefox\Profilesbu9i77uq.default\extensions\staged
    [2014-12-28 21:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2014-09-26 00:31:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012-03-06 18:48:31 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
    [2012-03-06 18:48:31 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
    [2012-03-06 18:48:31 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
    [2012-03-06 18:48:31 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
    [2012-03-06 18:48:31 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
    [2012-03-06 18:48:31 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

    ========== Chrome ==========

    CHR - default_search_provider: (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Milena\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Milena\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Milena\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Milena\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - Extension: No name found = C:\Users\Milena\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.0_0\
    CHR - Extension: No name found = C:\Users\Milena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1\
    CHR - Extension: No name found = C:\Users\Milena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Milena\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.0_0\
    CHR - Extension: No name found = C:\Users\Milena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1\
    CHR - Extension: No name found = C:\Users\Milena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

    O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63051EFB-8D3F-4619-8D90-23A6BD827C0B}: DhcpNameServer = 192.168.8.1 192.168.8.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6F67093-6E36-4417-936A-A608D148C4C8}: DhcpNameServer = 192.168.8.1 192.168.8.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{009d46ec-b2b9-11e0-93b6-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{009d46ec-b2b9-11e0-93b6-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1075e56a-9471-11e0-9278-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1075e56a-9471-11e0-9278-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1891c0bc-6bd8-11e0-99ab-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1891c0bc-6bd8-11e0-99ab-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1891c0c2-6bd8-11e0-99ab-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1891c0c2-6bd8-11e0-99ab-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{198abd1b-4b5c-11e0-a426-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{198abd1b-4b5c-11e0-a426-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{198abd1d-4b5c-11e0-a426-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{198abd1d-4b5c-11e0-a426-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{198abd23-4b5c-11e0-a426-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{198abd23-4b5c-11e0-a426-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{198abd2e-4b5c-11e0-a426-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{198abd2e-4b5c-11e0-a426-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{271b8fd3-682f-11e3-9a94-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{271b8fd3-682f-11e3-9a94-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{271b8fd6-682f-11e3-9a94-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{271b8fd6-682f-11e3-9a94-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{271b8fdb-682f-11e3-9a94-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{271b8fdb-682f-11e3-9a94-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{28d2514d-b2ba-11e0-8edc-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{28d2514d-b2ba-11e0-8edc-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{2bf5b46b-63b5-11e0-a48a-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{2bf5b46b-63b5-11e0-a48a-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{37cdb203-9473-11e0-b1db-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{37cdb203-9473-11e0-b1db-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{438a67de-759a-11e3-a7dd-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{438a67de-759a-11e3-a7dd-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{4ec6215d-01a2-11e3-85de-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{4ec6215d-01a2-11e3-85de-88ae1df5b3b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{4ec62162-01a2-11e3-85de-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{4ec62162-01a2-11e3-85de-88ae1df5b3b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{4ec62167-01a2-11e3-85de-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{4ec62167-01a2-11e3-85de-88ae1df5b3b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{4ec62178-01a2-11e3-85de-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{4ec62178-01a2-11e3-85de-88ae1df5b3b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5cc4d6f1-835b-11e1-ad7e-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{5cc4d6f1-835b-11e1-ad7e-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{681a372b-6bd7-11e0-b1dc-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{681a372b-6bd7-11e0-b1dc-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6cd12c70-476a-11e0-a303-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6cd12c70-476a-11e0-a303-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6cd12c72-476a-11e0-a303-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6cd12c72-476a-11e0-a303-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6cd12c7b-476a-11e0-a303-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6cd12c7b-476a-11e0-a303-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{83ef6455-dccc-11e1-b3a7-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{83ef6455-dccc-11e1-b3a7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9113b570-ab57-11e2-b4d0-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{9113b570-ab57-11e2-b4d0-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{92e141cc-95fc-11e0-9261-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{92e141cc-95fc-11e0-9261-88252c97940b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{99bb05d5-1194-11e4-a4e1-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{99bb05d5-1194-11e4-a4e1-88ae1df5b3b6}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{9da81cbb-b557-11e1-b4e8-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{9da81cbb-b557-11e1-b4e8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9da81d11-b557-11e1-b4e8-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{9da81d11-b557-11e1-b4e8-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{aee0941e-761c-11e2-b001-c66f2618c111}\Shell - "" = AutoRun
    O33 - MountPoints2\{aee0941e-761c-11e2-b001-c66f2618c111}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b4709aec-8222-11e3-bbfa-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{b4709aec-8222-11e3-bbfa-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b4709aef-8222-11e3-bbfa-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{b4709aef-8222-11e3-bbfa-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b4709b03-8222-11e3-bbfa-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{b4709b03-8222-11e3-bbfa-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b4709b06-8222-11e3-bbfa-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{b4709b06-8222-11e3-bbfa-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c59df99f-a14a-11e2-8dcb-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{c59df99f-a14a-11e2-8dcb-88ae1df5b3b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c59df9a2-a14a-11e2-8dcb-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{c59df9a2-a14a-11e2-8dcb-88ae1df5b3b6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{cc94b1cf-b59c-11e1-9360-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc94b1cf-b59c-11e1-9360-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{cc94b1d4-b59c-11e1-9360-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc94b1d4-b59c-11e1-9360-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d523bf6f-8448-11e3-8756-88ae1df5b3b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{d523bf6f-8448-11e3-8756-88ae1df5b3b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d9edf73b-a76e-11e2-8ab9-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9edf73b-a76e-11e2-8ab9-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d9edf740-a76e-11e2-8ab9-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9edf740-a76e-11e2-8ab9-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dd73fdf4-df2f-11e1-92d9-f1000b095a60}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd73fdf4-df2f-11e1-92d9-f1000b095a60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{ee99c1d1-3dad-11e4-8338-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{ee99c1d1-3dad-11e4-8338-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f168ef69-029a-11e3-b07d-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{f168ef69-029a-11e3-b07d-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f42186f0-5251-11e1-b9b5-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{f42186f0-5251-11e1-b9b5-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f42186f4-5251-11e1-b9b5-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{f42186f4-5251-11e1-b9b5-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{fb4fa96c-6bd9-11e0-8e2d-88252c97940b}\Shell - "" = AutoRun
    O33 - MountPoints2\{fb4fa96c-6bd9-11e0-8e2d-88252c97940b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{fc895fd4-540b-11e2-9edf-fc6a7f4b4416}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc895fd4-540b-11e2-9edf-fc6a7f4b4416}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Ppview32.exe \Obrzędowosc1.pps
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2015-04-08 21:56:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015-04-08 10:36:10 | 000,000,000 | ---D | C] -- C:\Users\Milena\AppData\Roaming\Avira
    [2015-04-08 10:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2015-04-08 10:33:08 | 000,132,120 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2015-04-08 10:33:08 | 000,128,536 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2015-04-08 10:33:08 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2015-04-08 10:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2015-04-08 10:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [96 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2015-04-09 15:02:05 | 004,661,762 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
    [2015-04-09 15:02:05 | 002,037,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2015-04-09 15:02:05 | 001,526,398 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
    [2015-04-09 15:02:05 | 001,446,028 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2015-04-09 15:02:05 | 000,006,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2015-04-09 14:59:39 | 000,019,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015-04-09 14:59:39 | 000,019,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015-04-09 14:52:43 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2015-04-09 14:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015-04-09 14:38:58 | 1504,350,208 | -HS- | M] () -- C:\hiberfil.sys
    [2015-04-09 09:54:57 | 000,001,735 | ---- | M] () -- C:\Users\Milena\Desktop\Huawei E3372.lnk
    [2015-04-08 10:35:11 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2015-03-17 13:01:54 | 000,132,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2015-03-17 13:01:54 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2015-03-17 13:01:53 | 000,128,536 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [96 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2015-04-08 10:35:11 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2014-10-07 10:33:54 | 000,007,605 | ---- | C] () -- C:\Users\Milena\AppData\Local\Resmon.ResmonCfg
    [2014-07-29 23:03:18 | 000,004,171 | ---- | C] () -- C:\Users\Milena\Unieście 2014 dzień 4 021 skrót.lnk
    [2014-07-15 21:31:04 | 003,564,215 | ---- | C] () -- C:\Users\Milena\016.JPG
    [2014-06-16 00:20:09 | 000,168,029 | ---- | C] () -- C:\Users\Milena\dyplom 1.jpg
    [2014-02-02 11:42:02 | 000,951,887 | ---- | C] () -- C:\Users\Milena\025.jpg
    [2013-12-25 03:11:56 | 000,037,794 | ---- | C] () -- C:\Users\Milena\18.jpg
    [2013-12-25 03:10:15 | 000,016,961 | ---- | C] () -- C:\Users\Milena\909.jpg
    [2012-01-28 00:21:37 | 003,734,906 | ---- | C] () -- C:\Users\Milena\wywrota-gitara-chwyty.pdf
    [2011-04-19 21:21:59 | 000,009,216 | ---- | C] () -- C:\Users\Milena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-03-05 23:13:23 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014-06-25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >

    0
  • #3 13 Kwi 2015 12:47
    kali91x
    Poziom 2  

    pomoże ktoś ?

    0