System boots veeery slowly (about 15 minutes)

 
peciaq
VIP

Post count: 5,100
Post: #21

RE: System boots veeery slowly (about 15 minutes)


Download OTL and run a scan with it.

23.07.2012 16:52

simman
Newcomer
Post count: 12
Post: #22

RE: System boots veeery slowly (about 15 minutes)


(23.07.2012 16:52) peciaq wrote: Download OTL and run a scan with it.

I'm attaching the log.
Code:
OTL logfile created on:  2012-07-23 18: 01: 20 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C: \Users\Rafal\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale:  00000415 | Country:  Polska | Language:  PLK | Date Format:  yyyy-MM-dd

6,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 48,47% Memory free
12,00 Gb Paging File | 6,96 Gb Available in Paging File | 58,05% Paging File free
Paging file location(s):  c: \pagefile.sys 0 0 [binary data]

%SystemDrive% = C:  | %SystemRoot% = C: \Windows | %ProgramFiles% = C: \Program Files (x86)
Drive C:  | 148,89 Gb Total Space | 49,76 Gb Free Space | 33,42% Space Free | Partition Type:  NTFS
Drive E:  | 232,40 Gb Total Space | 220,03 Gb Free Space | 94,68% Space Free | Partition Type:  NTFS
Drive F:  | 3,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type:  UDF

Computer Name:  RAFAL-KOMPUTER | User Name:  Rafal | Logged in as Administrator.
Boot Mode:  Normal | Scan Mode:  Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist:  On | Skip Microsoft Files:  On | No Company Name Whitelist:  On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-07-23 18: 00: 54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C: \Users\Rafal\Downloads\OTL.exe
PRC - [2012-07-16 10: 59: 22 | 001,147,432 | ---- | M] (WiseCleaner.com) -- C: \Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012-07-12 10: 34: 21 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C: \Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012-06-27 15: 52: 24 | 000,529,232 | ---- | M] (Valve Corporation) -- C: \Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-06-27 15: 51: 35 | 001,242,448 | ---- | M] (Valve Corporation) -- C: \Program Files (x86)\Steam\steam.exe
PRC - [2012-06-17 18: 31: 57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C: \Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-06-06 11: 41: 48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C: \Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012-05-18 00: 15: 02 | 000,151,552 | ---- | M] () -- C: \Windows\KMService.exe
PRC - [2012-05-18 00: 15: 02 | 000,008,192 | ---- | M] () -- C: \Windows\SysWOW64\srvany.exe
PRC - [2012-03-19 13: 38: 47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C: \Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011-08-02 09: 33: 30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C: \Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011-04-24 23: 15: 02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-12 10: 34: 21 | 009,465,032 | ---- | M] () -- C: \Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012-06-27 15: 52: 24 | 020,313,384 | ---- | M] () -- C: \Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-06-27 15: 52: 24 | 001,099,576 | ---- | M] () -- C: \Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-06-27 15: 52: 24 | 000,895,312 | ---- | M] () -- C: \Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-06-27 15: 52: 24 | 000,190,776 | ---- | M] () -- C: \Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-06-27 15: 52: 24 | 000,123,192 | ---- | M] () -- C: \Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-06-17 18: 31: 56 | 002,042,848 | ---- | M] () -- C: \Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-04-24 23: 13: 30 | 007,008,656 | ---- | M] () -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011-04-24 23: 13: 28 | 000,192,912 | ---- | M] () -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011-04-24 23: 13: 26 | 001,270,160 | ---- | M] () -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011-04-24 23: 13: 26 | 000,758,160 | ---- | M] () -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011-04-24 23: 13: 24 | 002,118,032 | ---- | M] () -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011-04-24 23: 13: 24 | 002,089,360 | ---- | M] () -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011-04-20 19: 56: 28 | 000,025,088 | ---- | M] () -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010-01-30 02: 41: 12 | 004,254,560 | ---- | M] () -- C: \Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV: [b]64bit: [/b] - [2012-04-06 04: 16: 02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C: \Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV: [b]64bit: [/b] - [2009-07-14 03: 41: 27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C: \Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV: [b]64bit: [/b] - [2009-07-14 03: 40: 01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C: \Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-07-17 15: 25: 26 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C: \Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012-07-12 10: 34: 21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C: \Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-06-27 15: 52: 24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C: \Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-06-17 18: 31: 56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C: \Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-11 22: 23: 22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C: \Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-05-18 00: 15: 02 | 000,008,192 | ---- | M] () [Auto | Running] -- C: \Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012-03-19 13: 38: 47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C: \Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-01-25 08: 47: 04 | 008,176,640 | ---- | M] () [On_Demand | Stopped] -- c: \wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011-09-26 07: 50: 40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c: \wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011-06-06 12: 55: 28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C: \Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-24 23: 15: 02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010-03-30 06: 32: 28 | 134,018,048 | ---- | M] (Oracle Corporation) [Auto | Running] -- c: \app\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE -- (OracleServiceORCL)
SRV - [2010-03-30 06: 30: 20 | 000,045,568 | ---- | M] () [Disabled | Stopped] -- c: \app\oracle\product\11.2.0\dbhome_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)
SRV - [2010-03-30 05: 47: 58 | 000,192,000 | ---- | M] () [On_Demand | Stopped] -- c: \app\oracle\product\11.2.0\dbhome_1\bin\OraVSSW.exe -- (OracleVssWriterORCL)
SRV - [2010-03-18 13: 16: 28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C: \Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-15 20: 48: 10 | 000,518,144 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C: \app\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe -- (OracleOraDb11g_home1TNSListenerLISTENER5)
SRV - [2010-03-15 20: 48: 10 | 000,518,144 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C: \app\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe -- (OracleOraDb11g_home1TNSListenerLISTENER_trening)
SRV - [2010-03-15 20: 48: 10 | 000,518,144 | ---- | M] (Oracle Corporation) [Auto | Running] -- C: \app\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe -- (OracleOraDb11g_home1TNSListener)
SRV - [2010-03-12 08: 05: 26 | 000,083,968 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C: \app\oracle\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe -- (OracleOraDb11g_home1ClrAgent)
SRV - [2010-03-12 05: 59: 36 | 000,081,408 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C: \app\oracle\product\11.2.0\dbhome_1\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2010-03-02 10: 21: 58 | 000,035,328 | ---- | M] (Oracle Corporation) [Auto | Running] -- C: \app\oracle\product\11.2.0\dbhome_1\BIN\nmesrvc.exe -- (OracleDBConsoleorcl)
SRV - [2010-02-19 13: 37: 14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C: \Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 23: 23: 09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C: \Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV: [b]64bit: [/b] - [2012-05-18 00: 04: 43 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C: \Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV: [b]64bit: [/b] - [2012-05-17 23: 21: 01 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C: \Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV: [b]64bit: [/b] - [2012-04-06 07: 22: 40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV: [b]64bit: [/b] - [2012-04-06 03: 10: 44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV: [b]64bit: [/b] - [2012-03-01 08: 46: 16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C: \Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV: [b]64bit: [/b] - [2012-02-23 14: 32: 04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV: [b]64bit: [/b] - [2012-02-11 07: 59: 34 | 000,334,936 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C: \Windows\SysNative\drivers\RsFx0200.sys -- (RsFx0200)
DRV: [b]64bit: [/b] - [2011-05-13 03: 21: 04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV: [b]64bit: [/b] - [2011-05-13 03: 21: 04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV: [b]64bit: [/b] - [2011-05-13 03: 21: 02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV: [b]64bit: [/b] - [2011-05-13 03: 21: 02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV: [b]64bit: [/b] - [2011-05-13 03: 21: 02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV: [b]64bit: [/b] - [2011-03-11 08: 41: 12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV: [b]64bit: [/b] - [2011-03-11 08: 41: 12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C: \Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV: [b]64bit: [/b] - [2011-03-10 18: 36: 24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C: \Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV: [b]64bit: [/b] - [2011-03-04 13: 23: 28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C: \Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV: [b]64bit: [/b] - [2011-03-04 13: 23: 24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C: \Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV: [b]64bit: [/b] - [2010-11-21 05: 24: 33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV: [b]64bit: [/b] - [2010-11-21 05: 23: 48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV: [b]64bit: [/b] - [2010-11-21 05: 23: 47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV: [b]64bit: [/b] - [2010-11-21 05: 23: 47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV: [b]64bit: [/b] - [2010-08-24 11: 55: 43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV: [b]64bit: [/b] - [2009-11-25 15: 06: 02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV: [b]64bit: [/b] - [2009-11-02 20: 27: 10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV: [b]64bit: [/b] - [2009-07-14 03: 52: 20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV: [b]64bit: [/b] - [2009-07-14 03: 48: 04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV: [b]64bit: [/b] - [2009-07-14 03: 45: 55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV: [b]64bit: [/b] - [2009-06-10 22: 31: 59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03: 19: 10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C: \Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE: [b]64bit: [/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE: [b]64bit: [/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:  "URL" = http: //www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE: [b]64bit: [/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}:  "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C: \Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http: //search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http: //fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}:  "URL" = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:  "URL" = http: //www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}:  "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http: //fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKCU\..\SearchScopes\${searchCLSID}:  "URL" = http: //search.live.com/results.aspx?q={searchTerms}&src={referrer: source?}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}:  "URL" = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:  "URL" = http: //www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}:  "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename:  "Search Results"
FF - prefs.js..browser.search.order.1:  "Search Results"
FF - prefs.js..browser.search.selectedEngine:  "Search Results"
FF - prefs.js..browser.startup.homepage:  "http: //www.searchnu.com/417"
FF - prefs.js..keyword.URL:  "http: //dts.search-results.com/sr?src=ffb&appid=0&systemid=417&sr=0&q="
FF - user.js - File not found

FF: [b]64bit: [/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  C: \Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF: [b]64bit: [/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  disabled File not found
FF: [b]64bit: [/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  C: \PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  C: \Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  C: \Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  C: \Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  C: \PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  C: \PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450:  C: \Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448:  C: \Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:   File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  C: \Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  C: \Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  C: \Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru:  C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-05-17 23: 40: 05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru:  C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-05-17 23: 40: 05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru:  C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-05-17 23: 40: 05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components:  C: \Program Files (x86)\Mozilla Firefox\components [2012-06-17 18: 31: 57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins:  C: \Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components:  C: \Program Files (x86)\Mozilla Firefox\components [2012-06-17 18: 31: 57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins:  C: \Program Files (x86)\Mozilla Firefox\plugins

[2012-06-16 11: 45: 08 | 000,000,000 | ---D | M] (No name found) -- C: \Users\Rafal\AppData\Roaming\Mozilla\Extensions
[2012-07-09 20: 56: 38 | 000,000,000 | ---D | M] (No name found) -- C: \Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\e5hbq280.default\extensions
[2012-06-16 11: 45: 04 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C: \Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\e5hbq280.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012-06-16 11: 44: 50 | 000,002,515 | ---- | M] () -- C: \Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\e5hbq280.default\searchplugins\Search_Results.xml
[2012-06-17 18: 32: 01 | 000,000,000 | ---D | M] (No name found) -- C: \Program Files (x86)\Mozilla Firefox\extensions
[2012-06-16 11: 45: 08 | 000,000,000 | ---D | M] (DataMngr) -- C: \PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012-07-09 20: 56: 38 | 000,066,808 | ---- | M] () (No name found) -- C: \USERS\RAFAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5HBQ280.DEFAULT\EXTENSIONS\BETA@LINKDIAGNOSIS.COM.XPI
[2012-06-17 18: 31: 57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C: \Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-06-17 18: 31: 55 | 000,002,767 | ---- | M] () -- C: \Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-06-17 18: 31: 55 | 000,001,406 | ---- | M] () -- C: \Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-17 18: 31: 54 | 000,000,917 | ---- | M] () -- C: \Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-17 18: 31: 54 | 000,000,858 | ---- | M] () -- C: \Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-16 11: 44: 50 | 000,002,515 | ---- | M] () -- C: \Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012-06-17 18: 31: 54 | 000,001,183 | ---- | M] () -- C: \Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-17 18: 31: 54 | 000,001,683 | ---- | M] () -- C: \Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File:  ([2012-06-08 16: 17: 15 | 000,000,027 | ---- | M]) - C: \Windows\SysNative\drivers\etc\hosts
O1 - Hosts:  127.0.0.1       localhost
O2: [b]64bit: [/b] - BHO:  (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2: [b]64bit: [/b] - BHO:  (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2: [b]64bit: [/b] - BHO:  (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO:  (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO:  (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C: \Program Files (x86)\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO:  (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO:  (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO:  (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3: [b]64bit: [/b] - HKLM\..\Toolbar:  (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3: [b]64bit: [/b] - HKLM\..\Toolbar:  (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar:  (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar:  (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar:  (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run:  [AVP] C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run:  [DATAMNGR] C: \Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run:  [HDAudDeck] C: \Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run:  [StartCCC] C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run:  [SunJavaUpdateSched] C: \Program Files (x86)\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run:  [DAEMON Tools Lite] C: \Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run:  [Steam] C: \Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoLowDiskSpaceChecks = 1
O8: [b]64bit: [/b] - Extra context menu item:  Dodaj do listy blokowanych banerów - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item:  Dodaj do listy blokowanych banerów - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9: [b]64bit: [/b] - Extra Button:  &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9: [b]64bit: [/b] - Extra Button:  &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button:  &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button:  &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C: \Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF:  {8AD9C840-044E-11D1-B3E9-00805F499D93} http: //java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF:  {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http: //java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF:  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http: //java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:  DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EF8AF25-F491-44A6-9444-5974C03E0C86}:  DhcpNameServer = 192.168.1.1
O18: [b]64bit: [/b] - Protocol\Handler\ms-help - No CLSID value found
O20: [b]64bit: [/b] - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20: [b]64bit: [/b] - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20: [b]64bit: [/b] - HKLM Winlogon:  Shell - (Explorer.exe) - C: \Windows\explorer.exe (Microsoft Corporation)
O20: [b]64bit: [/b] - HKLM Winlogon:  UserInit - (C: \Windows\system32\userinit.exe) - C: \Windows\SysNative\userinit.exe (Microsoft Corporation)
O20: [b]64bit: [/b] - HKLM Winlogon:  VMApplet - (SystemPropertiesPerformance.exe) - C: \Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20: [b]64bit: [/b] - HKLM Winlogon:  VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon:  Shell - (Explorer.exe) - C: \Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon:  UserInit - (C: \Windows\SysWOW64\Userinit.exe) - C: \Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon:  VMApplet - (/pagefile) -  File not found
O20: [b]64bit: [/b] - Winlogon\Notify\klogon:  DllName - (%SystemRoot%\System32\klogon.dll) - C: \Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom:  AutoRun - 1
O32 - AutoRun File - [2012-07-12 21: 36: 44 | 000,000,000 | RHSD | M] - C: \Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-07-12 21: 36: 44 | 000,000,000 | RHSD | M] - E: \Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-14 11: 29: 38 | 000,000,122 | R--- | M] () - F: \autorun.inf -- [ UDF ]
O34 - HKLM BootExecute:  (autocheck autochk *)
O35: [b]64bit: [/b] - HKLM\..comfile [open] -- "%1" %*
O35: [b]64bit: [/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37: [b]64bit: [/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37: [b]64bit: [/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows:  (ServerDll=winsrv: UserServerDllInitialization,3)
O38 - SubSystems\\Windows:  (ServerDll=winsrv: ConServerDllInitialization,2)
O38 - SubSystems\\Windows:  (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-07-23 17: 36: 59 | 000,000,000 | ---D | C] -- C: \SymCache
[2012-07-23 17: 16: 59 | 000,000,000 | ---D | C] -- C: \Windows\Minidump
[2012-07-23 16: 27: 02 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
[2012-07-23 16: 27: 02 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft Windows Performance Toolkit
[2012-07-23 16: 15: 05 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.0
[2012-07-23 16: 15: 05 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft SDKs
[2012-07-22 09: 46: 08 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Trend Micro
[2012-07-22 09: 46: 08 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-07-20 15: 19: 27 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Roaming\Wise Care 365
[2012-07-20 15: 18: 32 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2012-07-20 15: 18: 31 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Wise
[2012-07-20 15: 16: 57 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\Nowy folder
[2012-07-20 12: 45: 57 | 000,000,000 | ---D | C] -- C: \Windows\pss
[2012-07-20 11: 55: 15 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\Windows 7 Professional (x64) - DVD (English)
[2012-07-19 12: 06: 01 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\Wywiady
[2012-07-17 13: 42: 04 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\NuGet 1.2
[2012-07-17 13: 29: 49 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft
[2012-07-17 12: 20: 29 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\tablice
[2012-07-17 10: 21: 51 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Documents\SQL Server Management Studio
[2012-07-16 19: 29: 24 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Local\Microsoft_Corporation
[2012-07-16 18: 58: 51 | 000,000,000 | ---D | C] -- C: \Config.Msi
[2012-07-16 18: 53: 44 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft Analysis Services
[2012-07-16 17: 31: 54 | 000,000,000 | ---D | C] -- C: \ProgramData\PreEmptive Solutions
[2012-07-16 16: 45: 17 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2012-07-16 16: 45: 04 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012-07-16 16: 44: 11 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2012-07-16 16: 43: 44 | 000,000,000 | ---D | C] -- C: \ProgramData\VS
[2012-07-16 16: 36: 09 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
[2012-07-16 16: 15: 10 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\SharePoint Designer 2010 (x64) - (English)
[2012-07-16 16: 02: 22 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\SQL Server 2012 Developer Edition (x86 and x64) - DVD (English)
[2012-07-16 14: 35: 59 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\SharePoint Server 2010 (x64) - DVD (English
[2012-07-16 13: 54: 15 | 000,000,000 | ---D | C] -- C: \Windows\SysNative\RsFx
[2012-07-16 13: 53: 22 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft Visual Studio 9.0
[2012-07-16 13: 52: 53 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft.NET
[2012-07-16 13: 51: 32 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012-07-16 13: 48: 48 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Roaming\e-academy Inc
[2012-07-16 13: 48: 48 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Local\e-academy Inc
[2012-07-16 13: 48: 09 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft SQL Server
[2012-07-16 13: 47: 33 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Microsoft SQL Server
[2012-07-16 13: 47: 24 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012-07-16 13: 47: 09 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft Sync Framework
[2012-07-16 13: 47: 01 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft Synchronization Services
[2012-07-16 13: 47: 01 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft SQL Server Compact Edition
[2012-07-16 13: 42: 53 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012-07-16 13: 42: 33 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Microsoft Silverlight
[2012-07-16 13: 40: 07 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Microsoft ASP.NET
[2012-07-16 13: 39: 56 | 000,000,000 | ---D | C] -- C: \Program Files\IIS
[2012-07-16 13: 39: 56 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\IIS
[2012-07-16 13: 37: 40 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Documents\Visual Studio 2008
[2012-07-16 13: 36: 34 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Documents\Visual Studio 2010
[2012-07-16 13: 31: 05 | 000,000,000 | ---D | C] -- C: \Windows\SysWow64\1033
[2012-07-16 13: 30: 42 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012-07-16 13: 30: 42 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Microsoft Visual Studio 10.0
[2012-07-16 13: 30: 42 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Microsoft F#
[2012-07-16 13: 30: 42 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Common Files\Merge Modules
[2012-07-16 13: 30: 42 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\HTML Help Workshop
[2012-07-16 13: 28: 04 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Microsoft Visual Studio 9.0
[2012-07-16 13: 27: 42 | 000,000,000 | ---D | C] -- C: \Windows\symbols
[2012-07-16 13: 27: 42 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft Visual Studio 10.0
[2012-07-16 13: 27: 42 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Microsoft SDKs
[2012-07-16 13: 27: 42 | 000,000,000 | ---D | C] -- C: \Program Files\Microsoft Help Viewer
[2012-07-16 13: 27: 42 | 000,000,000 | ---D | C] -- C: \Windows\SysNative\1033
[2012-07-12 21: 36: 44 | 000,000,000 | RHSD | C] -- C: \Autorun.inf
[2012-07-12 21: 20: 40 | 000,000,000 | ---D | C] -- C: \UsbFix
[2012-07-03 10: 45: 12 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
[2012-07-03 10: 44: 31 | 000,000,000 | ---D | C] -- C: \wamp
[2012-07-02 16: 54: 50 | 000,000,000 | ---D | C] -- C: \Users\Rafal\j_quetry
[2012-06-27 16: 14: 09 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Local\My Games
[2012-06-27 16: 14: 07 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Documents\My Games
[2012-06-27 16: 10: 42 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012-06-27 15: 51: 25 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Common Files\Steam
[2012-06-27 15: 51: 23 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012-06-27 15: 51: 22 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Steam
[2012-06-25 18: 57: 28 | 000,000,000 | ---D | C] -- C: \Users\Rafal\Desktop\zma
[2012-06-23 22: 54: 19 | 000,000,000 | ---D | C] -- C: \Users\Rafal\AppData\Local\Macromedia

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-07-23 17: 42: 01 | 000,001,046 | ---- | M] () -- C: \Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-23 17: 41: 58 | 000,128,942 | ---- | M] () -- C: \Users\Rafal\Desktop\prog8.png
[2012-07-23 17: 41: 30 | 000,065,733 | ---- | M] () -- C: \Users\Rafal\Desktop\prog7.png
[2012-07-23 17: 41: 02 | 000,121,584 | ---- | M] () -- C: \Users\Rafal\Desktop\prog6.png
[2012-07-23 17: 40: 46 | 000,079,548 | ---- | M] () -- C: \Users\Rafal\Desktop\prog5.png
[2012-07-23 17: 40: 24 | 000,106,920 | ---- | M] () -- C: \Users\Rafal\Desktop\prog4.png
[2012-07-23 17: 40: 04 | 000,064,680 | ---- | M] () -- C: \Users\Rafal\Desktop\prog3.png
[2012-07-23 17: 39: 46 | 000,088,345 | ---- | M] () -- C: \Users\Rafal\Desktop\prog2.png
[2012-07-23 17: 39: 28 | 000,086,866 | ---- | M] () -- C: \Users\Rafal\Desktop\prog1.png
[2012-07-23 17: 36: 03 | 000,000,000 | ---- | M] () -- C: \Users\Rafal\summary_boot.xml
[2012-07-23 17: 35: 58 | 000,022,032 | -H-- | M] () -- C: \Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-23 17: 35: 58 | 000,022,032 | -H-- | M] () -- C: \Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-23 17: 34: 51 | 000,153,053 | ---- | M] () -- C: \Windows\SysNative\drivers\klin.dat
[2012-07-23 17: 34: 51 | 000,107,384 | ---- | M] () -- C: \Windows\SysNative\drivers\klick.dat
[2012-07-23 17: 34: 02 | 000,000,930 | ---- | M] () -- C: \Windows\tasks\Adobe Flash Player Updater.job
[2012-07-23 17: 18: 04 | 000,001,042 | ---- | M] () -- C: \Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-23 17: 17: 31 | 000,000,422 | ---- | M] () -- C: \Windows\tasks\Wise Care 365.job
[2012-07-23 17: 16: 54 | 000,067,584 | --S- | M] () -- C: \Windows\bootstat.dat
[2012-07-23 17: 16: 38 | 638,486,549 | ---- | M] () -- C: \Windows\MEMORY.DMP
[2012-07-23 17: 16: 29 | 536,150,015 | -HS- | M] () -- C: \hiberfil.sys
[2012-07-23 14: 09: 37 | 000,195,041 | ---- | M] () -- C: \Users\Rafal\Desktop\specyfikacja.jpg
[2012-07-22 10: 29: 42 | 000,017,172 | ---- | M] () -- C: \Users\Rafal\Desktop\przed uruchomieniem.png
[2012-07-22 10: 16: 53 | 000,019,324 | ---- | M] () -- C: \Users\Rafal\Desktop\po_uruchomieniu.png
[2012-07-20 15: 18: 32 | 000,001,120 | ---- | M] () -- C: \Users\Public\Desktop\Wise Care 365.lnk
[2012-07-20 13: 34: 48 | 002,619,818 | ---- | M] () -- C: \Windows\SysNative\PerfStringBackup.INI
[2012-07-20 13: 34: 48 | 001,068,812 | ---- | M] () -- C: \Windows\SysNative\perfh015.dat
[2012-07-20 13: 34: 48 | 000,982,576 | ---- | M] () -- C: \Windows\SysNative\perfh009.dat
[2012-07-20 13: 34: 48 | 000,291,256 | ---- | M] () -- C: \Windows\SysNative\perfc015.dat
[2012-07-20 13: 34: 48 | 000,257,296 | ---- | M] () -- C: \Windows\SysNative\perfc009.dat
[2012-07-20 13: 33: 35 | 000,000,890 | ---- | M] () -- C: \Users\Rafal\Desktop\HD Tune.lnk
[2012-07-20 12: 17: 57 | 000,001,908 | ---- | M] () -- C: \Windows\diagwrn.xml
[2012-07-20 12: 17: 57 | 000,001,908 | ---- | M] () -- C: \Windows\diagerr.xml
[2012-07-20 11: 11: 13 | 000,000,183 | ---- | M] () -- C: \Users\Rafal\Desktop\100094764762.sdx
[2012-07-20 11: 06: 54 | 156,432,363 | ---- | M] () -- C: \Users\Rafal\Desktop\video-2012-07-20-12-53-56.mp4
[2012-07-17 20: 03: 48 | 000,000,246 | ---- | M] () -- C: \Users\Rafal\Desktop\skanuj0001.jpg.URL
[2012-07-17 12: 36: 40 | 047,578,240 | ---- | M] () -- C: \Users\Rafal\Desktop\tablice.zip
[2012-07-16 18: 47: 34 | 001,843,670 | ---- | M] () -- C: \Windows\SysWow64\PerfStringBackup.INI
[2012-07-16 18: 33: 54 | 000,253,191 | ---- | M] () -- C: \Users\Rafal\Desktop\mssql.png
[2012-07-16 15: 53: 28 | 021,647,999 | ---- | M] () -- C: \Users\Rafal\Desktop\Pro SharePoint 2010 Business Intelligence Solutions.pdf
[2012-07-16 15: 50: 10 | 024,356,243 | ---- | M] () -- C: \Users\Rafal\Desktop\Professional_ASP.NET_4_in_C__and_VB.pdf
[2012-07-16 15: 44: 16 | 013,088,268 | ---- | M] () -- C: \Users\Rafal\Desktop\Pro.ASP.NET.MVC.3.Framework.pdf
[2012-07-16 13: 56: 51 | 000,098,071 | ---- | M] () -- C: \Users\Rafal\Desktop\MicrosoftSharepointDesigner2010.png
[2012-07-16 13: 51: 30 | 000,102,889 | ---- | M] () -- C: \Users\Rafal\Desktop\MSSQL2012.png
[2012-07-16 13: 48: 48 | 000,003,099 | ---- | M] () -- C: \Users\Rafal\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2012-07-12 21: 39: 37 | 1703,382,515 | ---- | M] () -- C: \UsbFix_Upload_Me_RAFAL-KOMPUTER.zip
[2012-07-09 23: 15: 00 | 000,000,132 | ---- | M] () -- C: \Users\Rafal\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2012-06-27 16: 10: 42 | 000,000,220 | ---- | M] () -- C: \Users\Rafal\Desktop\Sid Meier's Civilization V.url
[2012-06-27 16: 00: 27 | 000,000,917 | ---- | M] () -- C: \Users\Public\Desktop\Steam.lnk
[2012-06-25 20: 32: 46 | 000,000,600 | ---- | M] () -- C: \Users\Rafal\AppData\Local\PUTTY.RND

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-23 17: 41: 58 | 000,128,942 | ---- | C] () -- C: \Users\Rafal\Desktop\prog8.png
[2012-07-23 17: 41: 29 | 000,065,733 | ---- | C] () -- C: \Users\Rafal\Desktop\prog7.png
[2012-07-23 17: 41: 02 | 000,121,584 | ---- | C] () -- C: \Users\Rafal\Desktop\prog6.png
[2012-07-23 17: 40: 45 | 000,079,548 | ---- | C] () -- C: \Users\Rafal\Desktop\prog5.png
[2012-07-23 17: 40: 24 | 000,106,920 | ---- | C] () -- C: \Users\Rafal\Desktop\prog4.png
[2012-07-23 17: 40: 04 | 000,064,680 | ---- | C] () -- C: \Users\Rafal\Desktop\prog3.png
[2012-07-23 17: 39: 46 | 000,088,345 | ---- | C] () -- C: \Users\Rafal\Desktop\prog2.png
[2012-07-23 17: 39: 28 | 000,086,866 | ---- | C] () -- C: \Users\Rafal\Desktop\prog1.png
[2012-07-23 17: 34: 01 | 000,000,000 | ---- | C] () -- C: \Users\Rafal\summary_boot.xml
[2012-07-23 17: 15: 34 | 638,486,549 | ---- | C] () -- C: \Windows\MEMORY.DMP
[2012-07-23 14: 09: 37 | 000,195,041 | ---- | C] () -- C: \Users\Rafal\Desktop\specyfikacja.jpg
[2012-07-22 10: 29: 42 | 000,017,172 | ---- | C] () -- C: \Users\Rafal\Desktop\przed uruchomieniem.png
[2012-07-22 10: 16: 53 | 000,019,324 | ---- | C] () -- C: \Users\Rafal\Desktop\po_uruchomieniu.png
[2012-07-22 10: 03: 13 | 000,484,445 | ---- | C] () -- C: \Users\Rafal\Desktop\Silent Runners.vbs
[2012-07-20 15: 19: 33 | 000,000,422 | ---- | C] () -- C: \Windows\tasks\Wise Care 365.job
[2012-07-20 15: 18: 32 | 000,001,120 | ---- | C] () -- C: \Users\Public\Desktop\Wise Care 365.lnk
[2012-07-20 13: 33: 35 | 000,000,890 | ---- | C] () -- C: \Users\Rafal\Desktop\HD Tune.lnk
[2012-07-20 13: 11: 31 | 156,432,363 | ---- | C] () -- C: \Users\Rafal\Desktop\video-2012-07-20-12-53-56.mp4
[2012-07-20 12: 17: 53 | 000,001,908 | ---- | C] () -- C: \Windows\diagwrn.xml
[2012-07-20 12: 17: 53 | 000,001,908 | ---- | C] () -- C: \Windows\diagerr.xml
[2012-07-20 11: 11: 11 | 000,000,183 | ---- | C] () -- C: \Users\Rafal\Desktop\100094764762.sdx
[2012-07-17 20: 03: 48 | 000,000,246 | ---- | C] () -- C: \Users\Rafal\Desktop\skanuj0001.jpg.URL
[2012-07-17 13: 29: 50 | 000,002,019 | ---- | C] () -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012-07-17 12: 32: 06 | 047,578,240 | ---- | C] () -- C: \Users\Rafal\Desktop\tablice.zip
[2012-07-16 18: 33: 53 | 000,253,191 | ---- | C] () -- C: \Users\Rafal\Desktop\mssql.png
[2012-07-16 15: 52: 40 | 021,647,999 | ---- | C] () -- C: \Users\Rafal\Desktop\Pro SharePoint 2010 Business Intelligence Solutions.pdf
[2012-07-16 15: 49: 05 | 024,356,243 | ---- | C] () -- C: \Users\Rafal\Desktop\Professional_ASP.NET_4_in_C__and_VB.pdf
[2012-07-16 15: 43: 32 | 013,088,268 | ---- | C] () -- C: \Users\Rafal\Desktop\Pro.ASP.NET.MVC.3.Framework.pdf
[2012-07-16 13: 56: 51 | 000,098,071 | ---- | C] () -- C: \Users\Rafal\Desktop\MicrosoftSharepointDesigner2010.png
[2012-07-16 13: 51: 30 | 000,102,889 | ---- | C] () -- C: \Users\Rafal\Desktop\MSSQL2012.png
[2012-07-16 13: 48: 48 | 000,003,099 | ---- | C] () -- C: \Users\Rafal\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2012-07-12 21: 37: 25 | 1703,382,515 | ---- | C] () -- C: \UsbFix_Upload_Me_RAFAL-KOMPUTER.zip
[2012-06-27 16: 10: 42 | 000,000,220 | ---- | C] () -- C: \Users\Rafal\Desktop\Sid Meier's Civilization V.url
[2012-06-27 15: 51: 23 | 000,000,917 | ---- | C] () -- C: \Users\Public\Desktop\Steam.lnk
[2012-06-16 00: 02: 18 | 000,000,600 | ---- | C] () -- C: \Users\Rafal\AppData\Local\PUTTY.RND
[2012-06-08 14: 44: 34 | 000,256,000 | ---- | C] () -- C: \Windows\PEV.exe
[2012-06-08 14: 44: 34 | 000,208,896 | ---- | C] () -- C: \Windows\MBR.exe
[2012-06-08 14: 44: 34 | 000,098,816 | ---- | C] () -- C: \Windows\sed.exe
[2012-06-08 14: 44: 34 | 000,080,412 | ---- | C] () -- C: \Windows\grep.exe
[2012-06-08 14: 44: 34 | 000,068,096 | ---- | C] () -- C: \Windows\zip.exe
[2012-05-24 23: 44: 33 | 000,007,647 | ---- | C] () -- C: \Users\Rafal\AppData\Local\Resmon.ResmonCfg
[2012-05-20 08: 36: 41 | 000,000,132 | ---- | C] () -- C: \Users\Rafal\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2012-05-18 01: 11: 23 | 001,843,670 | ---- | C] () -- C: \Windows\SysWow64\PerfStringBackup.INI
[2012-05-18 00: 24: 28 | 000,000,000 | ---- | C] () -- C: \Windows\ativpsrm.bin
[2012-05-18 00: 15: 40 | 000,151,552 | ---- | C] () -- C: \Windows\KMService.exe
[2012-05-18 00: 15: 40 | 000,008,192 | ---- | C] () -- C: \Windows\SysWow64\srvany.exe
[2012-05-18 00: 02: 08 | 000,175,616 | ---- | C] () -- C: \Windows\SysWow64\unrar.dll
[2012-05-18 00: 02: 07 | 000,000,038 | ---- | C] () -- C: \Windows\avisplitter.ini
[2012-05-18 00: 02: 06 | 000,650,752 | ---- | C] () -- C: \Windows\SysWow64\xvidcore.dll
[2012-05-18 00: 02: 06 | 000,243,200 | ---- | C] () -- C: \Windows\SysWow64\xvidvfw.dll
[2012-05-18 00: 02: 06 | 000,074,752 | ---- | C] () -- C: \Windows\SysWow64\ff_vfw.dll
[2012-05-17 23: 46: 03 | 000,003,917 | ---- | C] () -- C: \Windows\SysWow64\atipblag.dat
[2012-05-17 23: 22: 45 | 000,017,408 | ---- | C] () -- C: \Users\Rafal\AppData\Local\WebpageIcons.db
[2012-04-06 03: 29: 34 | 000,204,952 | ---- | C] () -- C: \Windows\SysWow64\ativvsvl.dat
[2012-04-06 03: 29: 34 | 000,157,144 | ---- | C] () -- C: \Windows\SysWow64\ativvsva.dat
[2012-03-09 14: 06: 14 | 000,024,576 | ---- | C] () -- C: \Windows\SysWow64\kdbsdk32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012-07-20 14: 56: 58 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\DAEMON Tools Lite
[2012-06-16 11: 33: 19 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\DVDVideoSoft
[2012-07-16 13: 48: 48 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\e-academy Inc
[2012-07-20 14: 56: 57 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\FileZilla
[2012-07-03 10: 48: 03 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\FreeScreenToVideo
[2012-05-22 19: 23: 15 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\Instalacja Oracle
[2012-05-18 00: 20: 23 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\OpenCandy
[2012-07-23 17: 26: 59 | 000,000,000 | ---D | M] -- C: \Users\Rafal\AppData\Roaming\Wise Care 365
[2012-07-19 14: 51: 54 | 000,032,520 | ---- | M] () -- C: \Windows\Tasks\SCHEDLGU.TXT
[2012-07-23 17: 17: 31 | 000,000,422 | ---- | M] () -- C: \Windows\Tasks\Wise Care 365.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

23.07.2012 17:11

peciaq
VIP

Posts: 5.100
Post: #23

RE: System boots veeery slowly (about 15 minutes)


This evening or tonight you will get a reply with an analysis of the log and a script to run in OTL.

You can send me the logs by e-mail: peciaq@gmail.com
You should have 2 text files, one named OTL and the other Extras.

(This post was last modified: 23.07.2012 17:24 by peciaq.)

23.07.2012 17:23

thermalfake
The Last Mohican

Posts: 13.580
Post: #24

RE: System boots veeery slowly (about 15 minutes)


(23.07.2012 16:49) simman wrote:  I think I have already given everything I could in this thread about my problem.

I want the *.etl file and the xml for analysis, not those 5 images.
The file will be large, so upload it to e.g. zippyshare.

Edit:
From the first image it is already plain to see that at least 700 s (12 minutes) is recorded.
Something is wrong with the MSSQL database services and with Oracle. I don't know what software you use that relies on them.
Their processes simply hang for too long and use hardware resources.
The biometric service churns for a very long time; there is a problem with this service -> http://www.blackviper.com/windows-servic...detection/ and http://msdn.microsoft.com/en-us/library/...85%29.aspx, so overall quite a mess.

It would also be good if you exported the system event log to an evtx file and shared it.

In return for help I expect correct spelling. Stop the sloppiness.
How to ask questions wisely? - see the guide on the forum.
I do not give advice via PM.
(This post was last modified: 24.07.2012 00:19 by thermalfake.)

23.07.2012 23:58

Illidan
Expert

Posts: 1.024
Post: #25

RE: System boots veeery slowly (about 15 minutes)


Run "OTL" as administrator and, in the "Custom Scans/Fixes" box, paste:

Code:
: OTL
IE: [b]64bit: [/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE: [b]64bit: [/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}:  "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerm s}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C: \Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http: //search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http: //fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}:  "URL" = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid= 44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={ searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}:  "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerm s}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http: //fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid= 44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={ searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid= 44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={ searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKCU\..\SearchScopes\${searchCLSID}:  "URL" = http: //search.live.com/results.aspx?q={searchTerms}&src={referrer: source?}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}:  "URL" = http: //feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid= 44fb5bdd-7fbd-4fb9-9eb4-99e81a4f494a&affid=110774&searchtype=ds&babsrc=lnkry&q={ searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}:  "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerm s}
FF - prefs.js..browser.startup.homepage:  "http: //www.searchnu.com/417"
FF - prefs.js..keyword.URL:  "http: //dts.search-results.com/sr?src=ffb&appid=0&systemid=417&sr=0&q="
FF - user.js - File not found
FF: [b]64bit: [/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  C: \Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF: [b]64bit: [/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
[2012-06-16 11: 45: 08 | 000,000,000 | ---D | M] (DataMngr) -- C: \PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
O3: [b]64bit: [/b] - HKLM\..\Toolbar:  (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3: [b]64bit: [/b] - HKLM\..\Toolbar:  (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar:  (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar:  (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar:  (no name) - 10 - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoLowDiskSpaceChecks = 1
O18: [b]64bit: [/b] - Protocol\Handler\ms-help - No CLSID value found
O20: [b]64bit: [/b] - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20: [b]64bit: [/b] - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs:  (C: \PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C: \Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20: [b]64bit: [/b] - HKLM Winlogon:  VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom:  AutoRun - 1
O32 - AutoRun File - [2012-07-12 21: 36: 44 | 000,000,000 | RHSD | M] - C: \Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-07-12 21: 36: 44 | 000,000,000 | RHSD | M] - E: \Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-14 11: 29: 38 | 000,000,122 | R--- | M] () - F: \autorun.inf -- [ UDF ]

: Files
C: \Windows\pss
C: \Windows\symbols
C: \Autorun.inf
C: \Users\Rafal\j_quetry
C: \Users\Rafal\Desktop\zma

: Commands
[emptytemp]
[emptyflash]
[resethosts]

"Run Fix".
Then post the removal report for review. Also show the "Extras" log, which you could not fit in. Then scan the system with "Malwarebytes Anti-Malware" and, if it finds anything, remove it. Also clean up the system with "SlimCleaner" or "CCleaner".


(This post was last modified: 24.07.2012 03:18 by Illidan.)

24.07.2012 03:16

simman
Newcomer
Posts: 12
Post: #26

RE: System boots veeery slowly (about 15 minutes)


(24.07.2012 03:16) Illidan wrote:  Then post the removal report for review. Also show the "Extras" log, which you could not fit in. Then scan the system with "Malwarebytes Anti-Malware" and, if it finds anything, remove it. Also clean up the system with "SlimCleaner" or "CCleaner".

I don't know what kind of script this is, but it deleted my "ZMA" folder (which I badly need) from the desktop, and at the end an error popped up, something about host. Next time I will not use scripts like this when I don't know what they do.

I am also checking with Malwarebytes; it found something:

(This post was last modified: 24.07.2012 10:39 by simman.)

24.07.2012 10:19

thermalfake
The Last Mohican

Posts: 13.580
Post: #27

RE: System boots veeery slowly (about 15 minutes)


Can you make a software inventory, e.g. with belarc (saving it e.g. to HTML), so that I know what uses the databases?


24.07.2012 10:45

simman
Newcomer
Posts: 12
Post: #28

RE: System boots veeery slowly (about 15 minutes)


(23.07.2012 23:58) thermalfake wrote:  
(23.07.2012 16:49) simman wrote:  I think I have already given everything I could in this thread about my problem.

I want the *.etl file and the xml for analysis, not those 5 images.
The file will be large, so upload it to e.g. zippyshare.

Hi,

I am attaching the link you wanted: http://www8.zippyshare.com/v/46978640/file.html. As for the .xml file, honestly it would not generate. I did everything in Start -> Run -> CMD; as you can see, the .etl file was created, but the next part, i.e. the .xml file, was not. I hope this is enough. As for the .jpg files, I sent you 8 of them, not 5; I had to add the 3 most important ones to the post above because there is a limit of 5 images per post here.

Adding to this post:

I removed two viruses and disabled the Oracle database, yet the boot time is still very long. I think you will not manage to help me remotely (it would certainly be easier with my computer in front of you). In my opinion something is wrong with the drivers, that they conflict, because it has been like this since the installation, or it is some Windows 7 defect (hardware-related).

I cannot take a Print Screen for all users because the button is stuck. During startup the processor runs at 15-8% instead of, I don't know, 100%. I am adding the YouTube video once more, plus a Print Screen of the processes from the moment when I am able to take one.

(This post was last modified: 24.07.2012 13:29 by simman.)

24.07.2012 10:46

Illidan
Expert

Posts: 1.024
Post: #29

RE: System boots veeery slowly (about 15 minutes)


That script removed your infections; in addition, as you can see, "MBAM" also found something. You simply have a virus-infected computer, and that may be partly where your problems come from. The "ZMA" folder was not deleted, only moved to quarantine, so relax. If you need it, you can restore it. It is in the directory "C:\_OTL\MovedFiles". I also advise removing the infection that "MBAM" found as soon as possible. As for that "ZMA" folder, I simply made a mistake; I was just removing suspicious files. I would also like to see the removal report from "OTL" that you mentioned, not just hear about it. As for the drivers, simply update them in the system: download the latest ones for your components from the component manufacturers' websites. Or use a driver-update program such as "SlimDrivers".


(This post was last modified: 25.07.2012 03:29 by Illidan.)

25.07.2012 03:14
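A pre-run review of the fix script from post #25, written as an added example (it is not part of any post in this thread and is not OTL's own code): it splits the script into its sections and flags `:Files` entries that sit in a user profile and are not named by any `:OTL` line, which is the situation the "ZMA" folder was in. The function names are hypothetical, the sample is an excerpt of the posted script with the forum's spacing after colons removed, and `%SystemRoot%` is assumed to be `C:\Windows`, as the log header states.

```python
import re

# Constructed sample: an excerpt of the fix script posted in this thread
# (two :OTL lines plus the full :Files and :Commands sections), with the
# forum's stray space after colons removed.
SAMPLE_SCRIPT = r"""
:OTL
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O32 - AutoRun File - [2012-07-12 21:36:44 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]

:Files
C:\Windows\pss
C:\Windows\symbols
C:\Autorun.inf
C:\Users\Rafal\j_quetry
C:\Users\Rafal\Desktop\zma

:Commands
[emptytemp]
[emptyflash]
[resethosts]
"""

# ":Files" or the forum-mangled ": Files"
SECTION_RE = re.compile(r"^:\s*(\w+)\s*$")
# Anything inside a user profile except AppData is treated as the owner's data.
USER_DATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(?!appdata(?:\\|$))", re.I)
# Assumption: %SystemRoot% is C:\Windows, as in the log header.
SYSTEM_RE = re.compile(r"^[a-z]:\\windows(?:\\|$)", re.I)
# The forum renders "C:\" as "C: \"; this undoes it wherever it occurs.
DRIVE_SPACING_RE = re.compile(r"\b([A-Za-z]):\s+\\")


def normalise_path(text):
    """Trim whitespace and remove the space the forum puts after a drive colon."""
    return DRIVE_SPACING_RE.sub(r"\1:\\", text.strip())


def split_sections(script):
    """Return {section name: [non-empty lines]} for a ':Name'-delimited script."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(path):
    """Coarse location class used to decide how much scrutiny a removal needs."""
    if USER_DATA_RE.match(path):
        return "user-data"
    if SYSTEM_RE.match(path):
        return "system"
    return "other"


def review_files(script):
    """List (path, location class, named by an :OTL line?) for each :Files entry."""
    sections = split_sections(script)
    otl_lines = [normalise_path(line) for line in sections.get("otl", [])]
    findings = []
    for entry in sections.get("files", []):
        path = normalise_path(entry)
        # A path counts as backed when a log-derived :OTL line names it
        # (or something inside it); "(?!\w)" stops prefix-only matches.
        needle = re.compile(re.escape(path) + r"(?!\w)", re.I)
        backed = any(needle.search(line) for line in otl_lines)
        findings.append((path, classify(path), backed))
    return findings


def needs_owner_confirmation(script):
    """User-profile paths that no :OTL finding justifies removing."""
    return [p for p, where, backed in review_files(script)
            if where == "user-data" and not backed]


if __name__ == "__main__":
    for path, where, backed in review_files(SAMPLE_SCRIPT):
        print(f"{where:9}  backed={backed!s:5}  {path}")
    print("confirm with owner first:", needs_owner_confirmation(SAMPLE_SCRIPT))
    print("commands:", split_sections(SAMPLE_SCRIPT)["commands"])
```
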

thermalfake
The Last Mohican

Posts: 13.580
Post: #30

RE: System boots veeery slowly (about 15 minutes)



25.07.2012 13:27
