
I have a problem with my computer.


Limonkowyy

Question

Posted

Namely, recently (for a week) the following message has started appearing:

http://screenshooter.net/8338433/rwrbswq

When I click Remind me later, a file named "setup.exe" gets downloaded. Because of this message, sites such as Facebook, YouTube, Google and Gmail do not work for me. On top of that, this message has also settled on my phone and 2 laptops. I have a router without a password.

Please help quickly!

I am adding the logs from OTL:

OTL logfile created on: 2014-05-03 14:39:07 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Smolinski\Mes documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Pologne | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 55,89% Memory free
3,85 Gb Paging File | 3,07 Gb Available in Paging File | 79,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 67,33 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 56,14 Gb Free Space | 57,49% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 42,85 Gb Free Space | 87,76% Space Free | Partition Type: NTFS
Drive F: | 53,94 Gb Total Space | 48,08 Gb Free Space | 89,13% Space Free | Partition Type: NTFS
Drive N: | 407,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS


Computer Name: RENOTRAN-8DF120 | User Name: Smolinski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2014-05-02 09:20:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smolinski\Mes documents\Downloads\OTL.exe
PRC - [2014-04-24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014-04-23 21:37:09 | 001,277,128 | ---- | M] (MK) -- D:\Program Files\MKJogo\MKLOL\MK.exe
PRC - [2014-04-15 10:46:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014-04-15 10:46:26 | 001,682,256 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2014-04-08 18:45:44 | 000,375,056 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
PRC - [2014-04-07 13:36:55 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014-03-21 12:38:56 | 000,494,592 | ---- | M] (LOL Replay) -- C:\Program Files\LOLReplay\LOLRecorder.exe
PRC - [2014-01-16 02:40:24 | 000,277,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
PRC - [2013-07-02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
PRC - [2013-07-02 09:16:26 | 000,254,336 | ---- | M] (Oracle Corporation) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2010-09-03 14:52:48 | 000,606,208 | ---- | M] () -- D:\Program Files\ScreenShooter\screenshooter.exe
PRC - [2008-06-27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008-04-14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-11-16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe




========== Modules (No Company Name) ==========


MOD - [2014-04-24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014-04-24 02:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014-04-24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014-04-24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014-04-24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014-03-21 12:38:46 | 000,378,880 | ---- | M] () -- C:\Program Files\LOLReplay\LOLUtils.dll
MOD - [2014-03-18 17:11:19 | 000,998,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014-03-18 17:10:31 | 000,978,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014-03-17 23:30:11 | 005,462,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014-03-17 23:30:06 | 012,434,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014-03-17 23:29:54 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014-03-17 23:29:36 | 002,295,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014-03-17 23:29:29 | 000,539,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\508d144b1e81e6642be4fea8799fb424\PresentationFramework.Luna.ni.dll
MOD - [2014-03-17 23:29:21 | 014,329,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014-03-17 23:28:57 | 012,218,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014-03-17 23:28:39 | 003,325,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014-03-17 23:28:27 | 007,977,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014-03-17 23:28:15 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014-02-10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014-02-10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2012-02-06 20:10:00 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-09-03 14:52:48 | 000,606,208 | ---- | M] () -- D:\Program Files\ScreenShooter\screenshooter.exe
MOD - [2010-09-03 14:50:48 | 002,537,472 | ---- | M] () -- D:\Program Files\ScreenShooter\QtCore4.dll
MOD - [2010-08-31 15:36:06 | 000,287,232 | ---- | M] () -- D:\Program Files\ScreenShooter\imageformats\qjpeg4.dll
MOD - [2010-08-31 11:49:22 | 009,812,992 | ---- | M] () -- D:\Program Files\ScreenShooter\QtGui4.dll
MOD - [2010-08-31 11:15:32 | 001,140,224 | ---- | M] () -- D:\Program Files\ScreenShooter\QtNetwork4.dll
MOD - [2009-06-22 20:42:42 | 000,043,008 | ---- | M] () -- D:\Program Files\ScreenShooter\libgcc_s_dw2-1.dll
MOD - [2009-01-10 12:32:40 | 000,011,362 | ---- | M] () -- D:\Program Files\ScreenShooter\mingwm10.dll
MOD - [2008-04-14 04:33:31 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll




========== Services (SafeList) ==========


SRV - File not found [Auto | Stopped] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014-04-15 10:46:26 | 001,682,256 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014-04-07 13:36:55 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014-01-16 02:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011-07-20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-06-27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-04-04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-08-05 14:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2004-08-05 14:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\System32\regedt32.exe -- (.EsetTrialReset)




========== Driver Services (SafeList) ==========


DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WN111v2.sys -- (WN111v2)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ov530vid.sys -- (ovt530)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014-03-28 15:42:45 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2014-03-28 15:42:45 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2013-10-18 17:54:26 | 000,353,208 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- D:\Program Files\Counter-Strike Global Offensive\image\x86\OSFMount.sys -- (OSFMount)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007-12-14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007-03-26 21:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-03-24 13:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007-03-15 16:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006-02-07 21:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2005-02-23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004-08-13 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)




========== Standard Registry (SafeList) ==========




========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_frBE341
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..browser.startup.homepage: "www.be.msn.com"
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.7.0190
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-30 18:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-04-24 10:43:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


[2010-04-19 07:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Smolinski\Application Data\Mozilla\Extensions
[2012-05-02 11:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles\25wk9n06.default\extensions
[2010-05-02 10:44:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles\25wk9n06.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-24 12:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-08-06 07:47:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-04-24 15:18:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-11-18 07:30:14 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012-04-24 15:18:20 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012-04-24 15:18:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-04-24 15:18:20 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012-04-24 15:18:20 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012-04-24 15:18:20 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012-04-24 15:18:20 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml


O1 HOSTS File: ([2014-05-02 19:05:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [36X Raid Configurer] C:\windows\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [akady.exe] "C:\Documents and Settings\Smolinski\Application Data\Osrie\akady.exe" File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] D:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized File not found
O4 - HKCU..\Run: [MKLOL] D:\Program Files\MKJogo\MKLOL\MK.exe (MK)
O4 - HKCU..\Run: [screenshooter] D:\Program Files\ScreenShooter\screenshooter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe (LOL Replay)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50856B3C-45DE-4E25-A3AA-A4C78F53B3C9}: DhcpNameServer = 173.234.241.50 8.8.8.8
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Smolinski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Smolinski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-27 19:55:30 | 000,000,047 | R--- | M] () - N:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,000,380 | R--- | M] () - N:\autorun.xml -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,290 | R--- | M] () - N:\autorun_de.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - N:\autorun_en.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - N:\autorun_pl.css -- [ CDFS ]
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\cdstart.exe -- [2009-08-27 20:33:26 | 000,266,240 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========


[2014-05-02 09:24:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-04-28 21:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Mes documents\LOLReplay
[2014-04-28 21:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2014-04-25 22:24:54 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014-04-25 22:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes Anti-Malware
[2014-04-25 22:24:43 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2014-04-25 22:24:43 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2014-04-25 22:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014-04-25 22:14:56 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\System32\sqlite3.dll
[2014-04-25 22:14:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-04-25 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Osrie
[2014-04-25 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Nakik
[2014-04-25 12:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Mes documents\FIFA World
[2014-04-25 12:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\EA Sports FIFA World
[2014-04-25 12:39:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Fichiers communs\EAInstaller
[2014-04-24 18:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Origin
[2014-04-24 18:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\Origin
[2014-04-24 18:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Origin
[2014-04-24 18:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Origin
[2014-04-24 12:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Deep Silver
[2014-04-24 11:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Bureau\zamki
[2014-04-24 10:43:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014-04-23 21:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2014-04-22 08:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\WMTools Downloaded Files
[2014-04-22 08:26:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Smolinski\Mes documents\Mes vidéos
[2014-04-22 08:26:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
[2014-04-22 08:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Bureau\photo
[2014-04-21 17:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Bureau\world
[2014-04-19 21:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\LogMeIn
[2014-04-19 21:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014-04-19 18:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\LogMeIn Hamachi
[2014-04-19 18:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2014-04-19 18:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\LogMeIn Hamachi
[2014-04-19 13:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014-04-19 13:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ElfBot NG
[2014-04-17 12:49:42 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2014-04-07 16:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\Sun
[2014-04-07 13:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\.minecraft
[2014-04-07 13:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014-04-07 13:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2014-04-07 13:37:19 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2014-04-07 13:37:19 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl
[2014-04-07 13:37:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2014-04-07 13:37:08 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2014-04-07 13:37:08 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2014-04-07 13:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Java
[2014-04-07 13:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014-04-07 13:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Sun
[2014-04-05 11:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Mes documents\MK-LOL
[2014-04-05 11:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Menu Démarrer\Programmes\MKJogo
[2014-04-04 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Tibia
[2014-04-04 17:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Tibia
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]


========== Files - Modified Within 30 Days ==========


[2014-05-03 14:41:00 | 000,001,056 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-03 14:41:00 | 000,001,052 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-03 14:28:22 | 000,000,440 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{0FFEE689-2B61-45D7-9045-1E9894286D28}.job
[2014-05-03 14:09:14 | 000,428,250 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2014-05-03 14:09:14 | 000,423,740 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014-05-03 14:09:14 | 000,077,964 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2014-05-03 14:09:14 | 000,064,800 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014-05-03 14:08:32 | 000,000,230 | ---- | M] () -- C:\windows\tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
[2014-05-03 14:08:29 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2014-05-02 19:05:52 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2014-04-30 14:56:36 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\ElfBot NG.lnk
[2014-04-30 11:32:53 | 000,036,678 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\gpfritc.jpg
[2014-04-30 10:13:01 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[2014-04-28 21:58:15 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014-04-28 21:38:46 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LOLRecorder.lnk
[2014-04-28 21:38:46 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\LOL Recorder.lnk
[2014-04-25 22:24:46 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014-04-25 12:40:01 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\EA Sports FIFA World.lnk
[2014-04-24 18:32:20 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Origin.lnk
[2014-04-24 16:23:43 | 000,150,792 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2014-04-24 12:43:24 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Sacred 2 Złota Edycja.lnk
[2014-04-24 10:43:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader XI.lnk
[2014-04-24 10:33:23 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\Google Ultron.lnk
[2014-04-23 21:36:22 | 000,014,990 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\jaba.jpg
[2014-04-23 20:18:13 | 000,010,992 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\mamo mialabys.jpg
[2014-04-23 18:02:23 | 000,000,043 | ---- | M] () -- C:\windows\gswin32.ini
[2014-04-22 10:13:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2014-04-22 08:36:48 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-04-22 08:36:25 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Smolinski\default.pls
[2014-04-22 08:35:48 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2014-04-21 07:54:17 | 000,013,750 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2014-04-18 17:54:29 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Tibia.lnk
[2014-04-16 08:42:27 | 000,350,145 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\2014-04-16_08.42.27.png
[2014-04-09 16:19:37 | 000,001,355 | ---- | M] () -- C:\windows\imsins.BAK
[2014-04-08 15:00:04 | 000,000,224 | ---- | M] () -- C:\windows\tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
[2014-04-07 16:14:27 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2014-04-07 13:36:55 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2014-04-07 13:36:54 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2014-04-07 13:36:54 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2014-04-07 13:36:54 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2014-04-07 13:36:54 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl
[2014-04-05 11:08:46 | 000,000,048 | ---- | M] () -- C:\windows\JQHApp.dat
[2014-04-05 11:06:17 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\MK LOL.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]


========== Files Created - No Company Name ==========


[2014-04-30 14:56:36 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\ElfBot NG.lnk
[2014-04-30 11:33:30 | 000,036,678 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\gpfritc.jpg
[2014-04-28 21:44:54 | 000,091,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014-04-28 21:38:46 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LOLRecorder.lnk
[2014-04-28 21:38:46 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\LOL Recorder.lnk
[2014-04-28 21:38:46 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\LOL Recorder.lnk
[2014-04-25 22:24:46 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014-04-25 12:40:01 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\EA Sports FIFA World.lnk
[2014-04-24 18:32:20 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Origin.lnk
[2014-04-24 12:43:24 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Sacred 2 Złota Edycja.lnk
[2014-04-24 10:43:41 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader XI.lnk
[2014-04-24 10:43:41 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader XI.lnk
[2014-04-24 10:32:57 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\Google Ultron.lnk
[2014-04-23 21:36:21 | 000,014,990 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\jaba.jpg
[2014-04-23 20:18:13 | 000,010,992 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\mamo mialabys.jpg
[2014-04-16 08:42:27 | 000,350,145 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\2014-04-16_08.42.27.png
[2014-04-05 11:08:46 | 000,000,048 | ---- | C] () -- C:\windows\JQHApp.dat
[2014-04-05 11:06:17 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\MK LOL.lnk
[2014-04-04 17:58:09 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Tibia.lnk
[2014-03-28 15:42:45 | 000,278,728 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2014-03-28 15:42:45 | 000,025,416 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2012-04-13 18:50:09 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2010-01-21 18:20:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Smolinski\default.pls
[2009-09-16 20:42:34 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


========== ZeroAccess Check ==========


[2010-01-28 12:04:52 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 04:33:41 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 04:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both


========== Alternate Data Streams ==========


@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BE50C2B


< End of report >
 

 

 


22 answers to this question


Posted

Even that screenshot says that the DNS servers have been changed, with an "infection". Look in the settings for something about changing the DNS servers, or check the user manual. My advice: replace that router. It is vulnerable to attacks.

Posted

Logs from the scan. :D
 

 

 

OTL logfile created on: 2014-05-04 08:32:12 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Smolinski\Mes documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Pologne | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,49% Memory free
3,85 Gb Paging File | 3,07 Gb Available in Paging File | 79,72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 67,32 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 56,13 Gb Free Space | 57,48% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 42,85 Gb Free Space | 87,76% Space Free | Partition Type: NTFS
Drive F: | 53,94 Gb Total Space | 48,08 Gb Free Space | 89,13% Space Free | Partition Type: NTFS
Drive N: | 407,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RENOTRAN-8DF120 | User Name: Smolinski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-05-03 20:47:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smolinski\Mes documents\Downloads\OTL (1).exe
PRC - [2014-04-25 10:52:59 | 003,588,952 | ---- | M] (Electronic Arts) -- D:\Program Files\Origin\Origin.exe
PRC - [2014-04-24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014-04-15 10:46:26 | 001,682,256 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2014-04-08 18:45:44 | 000,375,056 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
PRC - [2014-04-07 13:36:55 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014-01-16 02:40:24 | 000,277,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
PRC - [2013-07-02 09:16:26 | 000,254,336 | ---- | M] (Oracle Corporation) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2008-06-27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008-04-14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-16 20:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-11-16 19:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-04-25 10:52:55 | 000,962,560 | ---- | M] () -- D:\Program Files\Origin\platforms\qwindows.dll
MOD - [2014-04-25 10:52:52 | 000,302,592 | ---- | M] () -- D:\Program Files\Origin\imageformats\qtiff.dll
MOD - [2014-04-25 10:52:52 | 000,261,632 | ---- | M] () -- D:\Program Files\Origin\imageformats\qmng.dll
MOD - [2014-04-25 10:52:52 | 000,217,088 | ---- | M] () -- D:\Program Files\Origin\imageformats\qjpeg.dll
MOD - [2014-04-25 10:52:52 | 000,025,088 | ---- | M] () -- D:\Program Files\Origin\imageformats\qico.dll
MOD - [2014-04-25 10:52:52 | 000,024,064 | ---- | M] () -- D:\Program Files\Origin\imageformats\qgif.dll
MOD - [2014-04-25 10:52:52 | 000,019,968 | ---- | M] () -- D:\Program Files\Origin\imageformats\qtga.dll
MOD - [2014-04-25 10:52:52 | 000,018,944 | ---- | M] () -- D:\Program Files\Origin\imageformats\qwbmp.dll
MOD - [2014-04-24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014-04-24 02:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014-04-24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014-04-24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014-04-24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2008-04-14 04:33:31 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014-04-15 10:46:26 | 001,682,256 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014-04-07 13:36:55 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014-01-16 02:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011-07-20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-06-27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-04-04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-08-05 14:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2004-08-05 14:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\System32\regedt32.exe -- (.EsetTrialReset)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014-03-28 15:42:45 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2014-03-28 15:42:45 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2013-10-18 17:54:26 | 000,353,208 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- D:\Program Files\Counter-Strike Global Offensive\image\x86\OSFMount.sys -- (OSFMount)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007-12-14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007-03-26 21:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-03-24 13:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007-03-15 16:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006-02-07 21:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2005-02-23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004-08-13 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_frBE341
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.be.msn.com"
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.7.0190
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-30 18:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-04-24 10:43:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2010-04-19 07:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Smolinski\Application Data\Mozilla\Extensions
[2012-05-02 11:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles\25wk9n06.default\extensions
[2010-05-02 10:44:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles\25wk9n06.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-24 12:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-08-06 07:47:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-04-24 15:18:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-11-18 07:30:14 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012-04-24 15:18:20 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012-04-24 15:18:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-04-24 15:18:20 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012-04-24 15:18:20 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012-04-24 15:18:20 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012-04-24 15:18:20 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2014-05-02 19:05:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1060284298-362288127-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [36X Raid Configurer] C:\windows\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1004..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1004..\Run: [EADM] D:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1004..\Run: [MKLOL] D:\Program Files\MKJogo\MKLOL\MK.exe (MK)
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1004..\Run: [screenshooter] D:\Program Files\ScreenShooter\screenshooter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe (LOL Replay)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50856B3C-45DE-4E25-A3AA-A4C78F53B3C9}: DhcpNameServer = 173.234.241.50 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A30A3BDB-39D6-4D20-8511-42E2C6164C9E}: NameServer = 8.8.8.8,8.8.4.8
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Smolinski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Smolinski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-27 19:55:30 | 000,000,047 | R--- | M] () - N:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,000,380 | R--- | M] () - N:\autorun.xml -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,290 | R--- | M] () - N:\autorun_de.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - N:\autorun_en.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - N:\autorun_pl.css -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-05-03 21:06:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-04-28 21:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Mes documents\LOLReplay
[2014-04-28 21:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2014-04-25 22:24:54 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014-04-25 22:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes Anti-Malware
[2014-04-25 22:24:43 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2014-04-25 22:24:43 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2014-04-25 22:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014-04-25 22:14:56 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\System32\sqlite3.dll
[2014-04-25 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Osrie
[2014-04-25 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Nakik
[2014-04-25 12:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Mes documents\FIFA World
[2014-04-25 12:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\EA Sports FIFA World
[2014-04-25 12:39:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Fichiers communs\EAInstaller
[2014-04-24 18:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Origin
[2014-04-24 18:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\Origin
[2014-04-24 18:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Origin
[2014-04-24 18:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Origin
[2014-04-24 12:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Deep Silver
[2014-04-24 11:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Bureau\zamki
[2014-04-24 10:43:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014-04-23 21:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2014-04-22 08:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\WMTools Downloaded Files
[2014-04-22 08:26:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Smolinski\Mes documents\Mes vidéos
[2014-04-22 08:26:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
[2014-04-22 08:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Bureau\photo
[2014-04-21 17:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Bureau\world
[2014-04-19 21:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\LogMeIn
[2014-04-19 21:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014-04-19 18:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\LogMeIn Hamachi
[2014-04-19 18:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2014-04-19 18:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\LogMeIn Hamachi
[2014-04-19 13:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014-04-19 13:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ElfBot NG
[2014-04-17 12:49:42 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2014-04-07 16:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\Sun
[2014-04-07 13:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\.minecraft
[2014-04-07 13:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014-04-07 13:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2014-04-07 13:37:19 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2014-04-07 13:37:19 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl
[2014-04-07 13:37:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2014-04-07 13:37:08 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2014-04-07 13:37:08 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2014-04-07 13:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Java
[2014-04-07 13:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014-04-07 13:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Sun
[2014-04-05 11:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Mes documents\MK-LOL
[2014-04-05 11:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Menu Démarrer\Programmes\MKJogo
[2014-04-04 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Smolinski\Application Data\Tibia
[2014-04-04 17:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Tibia
 
========== Files - Modified Within 30 Days ==========
 
[2014-05-04 08:34:00 | 000,000,440 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{0FFEE689-2B61-45D7-9045-1E9894286D28}.job
[2014-05-04 08:29:44 | 000,428,250 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2014-05-04 08:29:44 | 000,423,740 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014-05-04 08:29:44 | 000,077,964 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2014-05-04 08:29:44 | 000,064,800 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014-05-04 08:29:03 | 000,001,052 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-04 08:29:03 | 000,000,230 | ---- | M] () -- C:\windows\tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
[2014-05-04 08:29:00 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2014-05-03 22:41:00 | 000,001,056 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-03 20:01:44 | 000,150,792 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2014-05-03 15:05:11 | 000,013,285 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\bsggaxu.jpg
[2014-05-03 14:56:36 | 000,023,135 | ---- | M] () -- C:\Documents and Settings\Smolinski\bsggaxu.jpg
[2014-05-03 14:56:07 | 000,036,546 | ---- | M] () -- C:\Documents and Settings\Smolinski\pidvorr.jpg
[2014-05-03 14:56:07 | 000,036,546 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\pidvorr.jpg
[2014-05-03 14:54:54 | 000,031,843 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\fakpplg.jpg
[2014-05-02 19:05:52 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2014-04-30 14:56:36 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\ElfBot NG.lnk
[2014-04-30 11:32:53 | 000,036,678 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\gpfritc.jpg
[2014-04-30 10:13:01 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[2014-04-28 21:58:15 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014-04-28 21:38:46 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LOLRecorder.lnk
[2014-04-28 21:38:46 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\LOL Recorder.lnk
[2014-04-25 22:24:46 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014-04-25 12:40:01 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\EA Sports FIFA World.lnk
[2014-04-24 18:32:20 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Origin.lnk
[2014-04-24 12:43:24 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Sacred 2 Złota Edycja.lnk
[2014-04-24 10:43:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader XI.lnk
[2014-04-24 10:33:23 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\Google Ultron.lnk
[2014-04-23 21:36:22 | 000,014,990 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\jaba.jpg
[2014-04-23 20:18:13 | 000,010,992 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\mamo mialabys.jpg
[2014-04-23 18:02:23 | 000,000,043 | ---- | M] () -- C:\windows\gswin32.ini
[2014-04-22 10:13:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2014-04-22 08:36:48 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-04-22 08:36:25 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Smolinski\default.pls
[2014-04-22 08:35:48 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2014-04-21 07:54:17 | 000,013,750 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2014-04-18 17:54:29 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Tibia.lnk
[2014-04-16 08:42:27 | 000,350,145 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\2014-04-16_08.42.27.png
[2014-04-09 16:19:37 | 000,001,355 | ---- | M] () -- C:\windows\imsins.BAK
[2014-04-08 15:00:04 | 000,000,224 | ---- | M] () -- C:\windows\tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
[2014-04-07 16:14:27 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2014-04-07 13:36:55 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2014-04-07 13:36:54 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2014-04-07 13:36:54 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2014-04-07 13:36:54 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2014-04-07 13:36:54 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl
[2014-04-05 11:08:46 | 000,000,048 | ---- | M] () -- C:\windows\JQHApp.dat
[2014-04-05 11:06:17 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Smolinski\Bureau\MK LOL.lnk
 
========== Files Created - No Company Name ==========
 
[2014-05-03 14:57:01 | 000,036,546 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\pidvorr.jpg
[2014-05-03 14:56:54 | 000,013,285 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\bsggaxu.jpg
[2014-05-03 14:56:43 | 000,023,135 | ---- | C] () -- C:\Documents and Settings\Smolinski\bsggaxu.jpg
[2014-05-03 14:56:13 | 000,036,546 | ---- | C] () -- C:\Documents and Settings\Smolinski\pidvorr.jpg
[2014-05-03 14:55:12 | 000,031,843 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\fakpplg.jpg
[2014-04-30 14:56:36 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\ElfBot NG.lnk
[2014-04-30 11:33:30 | 000,036,678 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\gpfritc.jpg
[2014-04-28 21:44:54 | 000,270,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014-04-28 21:38:46 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LOLRecorder.lnk
[2014-04-28 21:38:46 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\LOL Recorder.lnk
[2014-04-28 21:38:46 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\LOL Recorder.lnk
[2014-04-25 22:24:46 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014-04-25 12:40:01 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\EA Sports FIFA World.lnk
[2014-04-24 18:32:20 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Origin.lnk
[2014-04-24 12:43:24 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Sacred 2 Złota Edycja.lnk
[2014-04-24 10:43:41 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader XI.lnk
[2014-04-24 10:43:41 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader XI.lnk
[2014-04-24 10:32:57 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\Google Ultron.lnk
[2014-04-23 21:36:21 | 000,014,990 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\jaba.jpg
[2014-04-23 20:18:13 | 000,010,992 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\mamo mialabys.jpg
[2014-04-16 08:42:27 | 000,350,145 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\2014-04-16_08.42.27.png
[2014-04-05 11:08:46 | 000,000,048 | ---- | C] () -- C:\windows\JQHApp.dat
[2014-04-05 11:06:17 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\Smolinski\Bureau\MK LOL.lnk
[2014-04-04 17:58:09 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Tibia.lnk
[2014-03-28 15:42:45 | 000,278,728 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2014-03-28 15:42:45 | 000,025,416 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2012-04-13 18:50:09 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2010-01-21 18:20:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Smolinski\default.pls
[2009-09-16 20:42:34 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Smolinski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010-01-28 12:04:52 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 04:33:41 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 04:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014-02-24 21:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010-12-17 21:56:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011-08-01 08:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2014-02-24 21:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-01-17 16:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010-01-04 20:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2014-04-19 21:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009-10-13 13:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2014-05-03 21:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2010-01-07 23:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2014-05-03 22:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-01-12 00:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2009-08-24 08:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011-01-17 19:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2014-05-03 13:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\.minecraft
[2012-02-14 09:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Autodesk
[2012-04-24 14:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Bullzip
[2010-12-17 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Canon
[2011-08-01 08:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\DAEMON Tools Lite
[2012-02-28 17:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\FreeCall
[2010-01-04 17:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Leadertech
[2014-03-17 17:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\LolClient
[2014-04-25 22:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Nakik
[2014-04-25 10:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Origin
[2014-04-25 22:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Osrie
[2010-01-07 22:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Sports Interactive
[2014-04-04 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\Tibia
[2014-05-03 22:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\TS3Client
[2014-03-19 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Smolinski\Application Data\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BE50C2B
 
< End of report >


Posted

I selected it ;P
 

 

All processes killed

========== OTL ==========
Error: No service named Nero BackItUp Scheduler 4.0 was found to stop!
Service\Driver key Nero BackItUp Scheduler 4.0 not found.
File C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe not found.
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
File %SystemRoot%\System32\appmgmts.dll not found.
Error: No service named WN111v2 was found to stop!
Service\Driver key WN111v2 not found.
File system32\DRIVERS\WN111v2.sys not found.
Error: No service named WDICA was found to stop!
Service\Driver key WDICA not found.
Error: No service named SetupNTGLM7X was found to stop!
Service\Driver key SetupNTGLM7X not found.
File G:\NTGLM7X.sys not found.
Error: No service named PDRFRAME was found to stop!
Service\Driver key PDRFRAME not found.
Error: No service named PDRELI was found to stop!
Service\Driver key PDRELI not found.
Error: No service named PDFRAME was found to stop!
Service\Driver key PDFRAME not found.
Error: No service named PDCOMP was found to stop!
Service\Driver key PDCOMP not found.
Error: No service named PCIDump was found to stop!
Service\Driver key PCIDump not found.
Error: No service named ovt530 was found to stop!
Service\Driver key ovt530 not found.
File System32\Drivers\ov530vid.sys not found.
Error: No service named NTACCESS was found to stop!
Service\Driver key NTACCESS not found.
File G:\NTACCESS.sys not found.
Error: No service named MSICPL was found to stop!
Service\Driver key MSICPL not found.
File G:\install4\MSICPL.sys not found.
Error: No service named lbrtfdc was found to stop!
Service\Driver key lbrtfdc not found.
Error: No service named i2omgmt was found to stop!
Service\Driver key i2omgmt not found.
Error: No service named GMSIPCI was found to stop!
Service\Driver key GMSIPCI not found.
File G:\INSTALL\GMSIPCI.SYS not found.
Error: No service named Changer was found to stop!
Service\Driver key Changer not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\akady.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FreeCall not found.
File move failed. N:\autorun.inf scheduled to be moved on reboot.
File move failed. N:\autorun.xml scheduled to be moved on reboot.
File move failed. N:\autorun_de.css scheduled to be moved on reboot.
File move failed. N:\autorun_en.css scheduled to be moved on reboot.
File move failed. N:\autorun_pl.css scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ deleted successfully.
File move failed. N:\cdstart.exe scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\AdwCleaner not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Smolinski
->Temp folder emptied: 587971 bytes
->Temporary Internet Files folder emptied: 5279371 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 379 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 215 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05032014_222451
 
Files\Folders moved on Reboot...
File move failed. N:\autorun.inf scheduled to be moved on reboot.
File move failed. N:\autorun.xml scheduled to be moved on reboot.
File move failed. N:\autorun_de.css scheduled to be moved on reboot.
File move failed. N:\autorun_en.css scheduled to be moved on reboot.
File move failed. N:\autorun_pl.css scheduled to be moved on reboot.
File move failed. N:\cdstart.exe scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 


Posted

Could you explain everything to me in detail? I don't know much about OTL and these other programs :/
 

 

All processes killed

========== OTL ==========
Error: No service named Nero BackItUp Scheduler 4.0 was found to stop!
Service\Driver key Nero BackItUp Scheduler 4.0 not found.
File C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe not found.
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
File %SystemRoot%\System32\appmgmts.dll not found.
Error: No service named WN111v2 was found to stop!
Service\Driver key WN111v2 not found.
File system32\DRIVERS\WN111v2.sys not found.
Error: No service named WDICA was found to stop!
Service\Driver key WDICA not found.
Error: No service named SetupNTGLM7X was found to stop!
Service\Driver key SetupNTGLM7X not found.
File G:\NTGLM7X.sys not found.
Error: No service named PDRFRAME was found to stop!
Service\Driver key PDRFRAME not found.
Error: No service named PDRELI was found to stop!
Service\Driver key PDRELI not found.
Error: No service named PDFRAME was found to stop!
Service\Driver key PDFRAME not found.
Error: No service named PDCOMP was found to stop!
Service\Driver key PDCOMP not found.
Error: No service named PCIDump was found to stop!
Service\Driver key PCIDump not found.
Error: No service named ovt530 was found to stop!
Service\Driver key ovt530 not found.
File System32\Drivers\ov530vid.sys not found.
Error: No service named NTACCESS was found to stop!
Service\Driver key NTACCESS not found.
File G:\NTACCESS.sys not found.
Error: No service named MSICPL was found to stop!
Service\Driver key MSICPL not found.
File G:\install4\MSICPL.sys not found.
Error: No service named lbrtfdc was found to stop!
Service\Driver key lbrtfdc not found.
Error: No service named i2omgmt was found to stop!
Service\Driver key i2omgmt not found.
Error: No service named GMSIPCI was found to stop!
Service\Driver key GMSIPCI not found.
File G:\INSTALL\GMSIPCI.SYS not found.
Error: No service named Changer was found to stop!
Service\Driver key Changer not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\akady.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FreeCall not found.
File move failed. N:\autorun.inf scheduled to be moved on reboot.
File move failed. N:\autorun.xml scheduled to be moved on reboot.
File move failed. N:\autorun_de.css scheduled to be moved on reboot.
File move failed. N:\autorun_en.css scheduled to be moved on reboot.
File move failed. N:\autorun_pl.css scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ deleted successfully.
File move failed. N:\cdstart.exe scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\AdwCleaner not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Smolinski
->Temp folder emptied: 588749 bytes
->Temporary Internet Files folder emptied: 5276161 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 430 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05032014_210617
 
Files\Folders moved on Reboot...
File move failed. N:\autorun.inf scheduled to be moved on reboot.
File move failed. N:\autorun.xml scheduled to be moved on reboot.
File move failed. N:\autorun_de.css scheduled to be moved on reboot.
File move failed. N:\autorun_en.css scheduled to be moved on reboot.
File move failed. N:\autorun_pl.css scheduled to be moved on reboot.
File move failed. N:\cdstart.exe scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

I did it again, is it right now?


Posted

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50856B3C-45DE-4E25-A3AA-A4C78F53B3C9}: DhcpNameServer = 173.234.241.50 8.8.8.8

 

Still not changed. The infection may be on the router. Reset the router to factory settings.

Posted

The DNS servers are to blame.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50856B3C-45DE-4E25-A3AA-A4C78F53B3C9}: DhcpNameServer = 173.234.241.50 8.8.8.8
 
Change them to 8.8.8.8 8.8.4.8.
 
A few cosmetic fixes can still be made.
 
1. Paste the following into the custom scan options box:
 

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WN111v2.sys -- (WN111v2)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ov530vid.sys -- (ovt530)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [akady.exe] "C:\Documents and Settings\Smolinski\Application Data\Osrie\akady.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized File not found
O32 - AutoRun File - [2008-03-27 19:55:30 | 000,000,047 | R--- | M] () - N:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,000,380 | R--- | M] () - N:\autorun.xml -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,290 | R--- | M] () - N:\autorun_de.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - N:\autorun_en.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - N:\autorun_pl.css -- [ CDFS ]
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\cdstart.exe -- [2009-08-27 20:33:26 | 000,266,240 | R--- | M] ()


:Files
C:\AdwCleaner


:Commands
[emptytemp]

 
Run the script and confirm the restart. Then use the cleanup option in OTL.

Also tell me which router you have and where you get your internet from. I see these infections very often and would like to find out where they come from and what they most often attack.
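
The O17 entry at the top of the reply above is the DHCP-assigned resolver list that the reply says to change. As an added example (not part of the original post and not part of OTL), this Python script pulls the name servers out of O17 lines and flags any that are not on a trusted list. The trusted list, the function names and the second sample line are assumptions made for the example.

```python
import ipaddress
import re

# Resolvers the operator has decided to trust. Assumption for this example:
# Google Public DNS; replace with your ISP's or organisation's resolvers.
TRUSTED = {"8.8.8.8", "8.8.4.4"}

# OTL "O17" line, with or without a per-interface GUID.
O17 = re.compile(
    r"^O17 - .*?(?:\\Interfaces\\(\{[0-9A-Fa-f-]+\}))?: "
    r"(DhcpNameServer|NameServer) = (.+)$"
)

# First line is the entry from the thread; the second is constructed.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50856B3C-45DE-4E25-A3AA-A4C78F53B3C9}: DhcpNameServer = 173.234.241.50 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
"""

def classify(addr, trusted=TRUSTED):
    """Return trusted / local / unexpected / malformed for one resolver."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if str(ip) in trusted:
        return "trusted"
    # A private address means the router answers DNS itself, so the
    # router's own upstream DNS setting is what has to be inspected.
    if ip.is_private:
        return "local"
    return "unexpected"

def audit(log_text, trusted=TRUSTED):
    """List every resolver named in O17 lines together with a verdict."""
    findings = []
    for line in log_text.splitlines():
        m = O17.match(line.strip())
        if not m:
            continue
        guid, source, value = m.groups()
        for addr in re.split(r"[ ,]+", value.strip()):
            findings.append({"interface": guid or "global", "source": source,
                             "server": addr, "verdict": classify(addr, trusted)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['verdict']:<10} {f['server']:<16} {f['source']} {f['interface']}")
```

Run it against the logs from every affected machine: the same unexpected resolver under `DhcpNameServer` on all of them points at the router's DHCP settings rather than at a single PC.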
Posted

Should the logs look like this after that OTL script?
It still shows up; I did everything as you wrote :(

 

All processes killed

========== OTL ==========
Service Nero BackItUp Scheduler 4.0 stopped successfully!
Service Nero BackItUp Scheduler 4.0 deleted successfully!
File C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WN111v2 stopped successfully!
Service WN111v2 deleted successfully!
File system32\DRIVERS\WN111v2.sys not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service SetupNTGLM7X stopped successfully!
Service SetupNTGLM7X deleted successfully!
File G:\NTGLM7X.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service ovt530 stopped successfully!
Service ovt530 deleted successfully!
File System32\Drivers\ov530vid.sys not found.
Service NTACCESS stopped successfully!
Service NTACCESS deleted successfully!
File G:\NTACCESS.sys not found.
Service MSICPL stopped successfully!
Service MSICPL deleted successfully!
File G:\install4\MSICPL.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File G:\INSTALL\GMSIPCI.SYS not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\akady.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FreeCall deleted successfully.
File move failed. N:\autorun.inf scheduled to be moved on reboot.
File move failed. N:\autorun.xml scheduled to be moved on reboot.
File move failed. N:\autorun_de.css scheduled to be moved on reboot.
File move failed. N:\autorun_en.css scheduled to be moved on reboot.
File move failed. N:\autorun_pl.css scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ deleted successfully.
File move failed. N:\cdstart.exe scheduled to be moved on reboot.
========== FILES ==========
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome\User Data\Default folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome\User Data folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data\Google\Chrome folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data\Google folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings\Application Data folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Local Settings folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles\25wk9n06.default\searchplugins folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles\25wk9n06.default folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Application Data\Mozilla folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski\Application Data folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Smolinski folder moved successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings folder moved successfully.
C:\AdwCleaner\Quarantine\C folder moved successfully.
C:\AdwCleaner\Quarantine folder moved successfully.
C:\AdwCleaner\Backup\C\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles\25wk9n06.default folder moved successfully.
C:\AdwCleaner\Backup\C\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox\Profiles folder moved successfully.
C:\AdwCleaner\Backup\C\Documents and Settings\Smolinski\Application Data\Mozilla\Firefox folder moved successfully.
C:\AdwCleaner\Backup\C\Documents and Settings\Smolinski\Application Data\Mozilla folder moved successfully.
C:\AdwCleaner\Backup\C\Documents and Settings\Smolinski\Application Data folder moved successfully.
C:\AdwCleaner\Backup\C\Documents and Settings\Smolinski folder moved successfully.
C:\AdwCleaner\Backup\C\Documents and Settings folder moved successfully.
C:\AdwCleaner\Backup\C folder moved successfully.
C:\AdwCleaner\Backup folder moved successfully.
C:\AdwCleaner folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Smolinski
->Temp folder emptied: 622812 bytes
->Temporary Internet Files folder emptied: 10132620 bytes
->FireFox cache emptied: 5835555 bytes
->Flash cache emptied: 547 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 809496 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18104 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 17,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05032014_185522
 
Files\Folders moved on Reboot...
File move failed. N:\autorun.inf scheduled to be moved on reboot.
File move failed. N:\autorun.xml scheduled to be moved on reboot.
File move failed. N:\autorun_de.css scheduled to be moved on reboot.
File move failed. N:\autorun_en.css scheduled to be moved on reboot.
File move failed. N:\autorun_pl.css scheduled to be moved on reboot.
File move failed. N:\cdstart.exe scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
