
Malware gen.


kopyteczkoo

Question

Posted

Hi, lately Avast has been detecting "malware gen." every day when I start the system. I just read that you should install Malwarebytes Anti-Malware and it will remove these "infected things" for me. So here is my question: is that enough?

I can ultimately switch the antivirus to Norton.


That's not all.
I scanned 10 minutes ago, it detected 20 files = I sent them to quarantine. (files from drive C (the system drive))
Now I'm scanning again and, strangely, it is detecting more infected files.


11 replies to this question

Recommended replies

Posted

LOG :

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 06072014_165909

Files\Folders moved on Reboot...
File\Folder G:\autorun.inf not found!
File\Folder G:\setup.exe not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


And now I won't have malware anymore? If so, thanks :D

One more question: how long did you spend learning all this?

If you don't download junk, you won't have any.

Posted

Run in OTL:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosear...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosear...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosear...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosear...q={searchTerms}
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - AutoRun File - [2011-12-13 23:04:47 | 000,000,175 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\configure\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\install\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
 
Then click Cleanup in OTL. The log is now clean.
Posted

Run in OTL:

:OTL
PRC - [2014-06-07 13:43:38 | 002,214,549 | ---- | M] ( ) -- C:\Windows\Temp\PirritUpdater.exe
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Krystian\AppData\Local\Akamai\netsession_win.exe" File not found
 
:Files
C:\Windows\Temp\PirritUpdater.exe
 
:Commands
[emptytemp]

Post the removal log and produce a new OTL log. Check whether it still throws malware alerts.

Posted
Check whether the adware program Pirrit Suggestor can be uninstalled.
Remove the Pirrit Suggestor extension:
Firefox -> Ctrl+Shift+A -> Extensions
Chrome -> Tools -> Extensions
 
Run in OTL:
:OTL

PRC - [2014-06-07 15:15:50 | 002,214,549 | ---- | M] ( ) -- C:\Windows\Temp\PirritUpdater.exe
PRC - [2014-01-10 15:58:54 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe
SRV - [2014-01-10 15:58:54 | 000,055,296 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe -- (PirritUpdater)
[2013-11-03 11:23:28 | 000,010,300 | R--- | M] () (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2013-11-18 21:03:11 | 000,011,404 | R--- | M] () (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected]
 
:Files
C:\Windows\Temp\PirritUpdater.exe
 
:Commands
[emptytemp]

 

Post the removal log and produce a new OTL log.
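An added triage example, not code from this thread, from OTL or from its author: a small Python parser that reads OTL log lines like those posted above and flags the kinds of entries the helpers picked out (an unsigned binary running from Windows\Temp, a service with no company name, an IE search URL pointing at an unexpected host, a MountPoints2 AutoRun command), plus the loopback ProxyServer value visible in the full log. The sample lines are copied from this thread (the dosearches URL shortened); the expected-host list, rule names and the "no company name" heuristic are my own assumptions, and each hit is a review hint for the analyst, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Search engines whose hosts we treat as expected in IE search settings
# (assumed allowlist; extend for the machine's locale).
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.pl"}

# One OTL process / service / module entry:
#   PRC - [date time | size | attrs | M] (Company) -- C:\path\file.exe
#   SRV - [...] (Company) [Auto | Running] -- C:\path\svc.exe -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|MOD) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \(.*\))?$"
)
# Any IE setting whose value is an http(s) URL (Main,* keys and SearchScopes).
IE_URL_RE = re.compile(r"^IE(?::64bit:)? - (?P<key>.+?) = (?P<url>https?://\S+)$")
# WinINET proxy setting as dumped by OTL.
PROXY_RE = re.compile(r'"ProxyServer" = (?P<value>\S+)$')
# Per-volume shell verbs cached under Explorer\MountPoints2 (autorun handlers).
MOUNTPOINT_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command"
    r' - "" = (?P<cmd>.+?)(?: -- \[.*)?$'
)

# Constructed sample: lines taken from the OTL logs in this thread plus three
# benign lines (OTL.exe, the Bing search scope, the Avast Run key) for contrast.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2014-06-07 15:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krystian\Downloads\OTL.exe
PRC - [2014-06-07 15:15:50 | 002,214,549 | ---- | M] ( ) -- C:\Windows\Temp\PirritUpdater.exe
SRV - [2014-01-10 15:58:54 | 000,055,296 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe -- (PirritUpdater)
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name, used for counting
    detail: str  # the value that triggered the rule
    line: str    # the raw OTL line, for the analyst to read


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over an OTL log and return everything they flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue

        m = ENTRY_RE.match(line)
        if m:
            company = m.group("company").strip()
            path = m.group("path")
            if not company and "\\temp\\" in path.lower():
                # No vendor string and executing out of a Temp directory.
                findings.append(Finding("unsigned_temp_binary", path, line))
            elif not company and m.group("kind") == "SRV":
                # A service with no company name deserves a look (may be benign).
                findings.append(Finding("service_without_company", path, line))
            continue

        m = IE_URL_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(Finding("ie_search_redirect", host, line))
            continue

        m = PROXY_RE.search(line)
        if m:
            value = m.group("value")
            if "127.0.0.1" in value or "localhost" in value.lower():
                # A proxy on loopback means a local process sits in the HTTP path.
                findings.append(Finding("loopback_proxy", value, line))
            continue

        m = MOUNTPOINT_RE.match(line)
        if m:
            # Cached autorun handler for a volume; re-run when that volume mounts.
            findings.append(Finding("mountpoints2_autorun", m.group("cmd"), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'loopback_proxy': 1, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```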

Posted

The "run script" option, right?

Strange, it deleted the files I had downloaded (anti-malware etc.)

After reinstalling it and starting it again:


All processes killed
========== OTL ==========
Process PirritUpdater.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
D:\Program Files (x86)\Free Download Manager\iefdm2.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
========== FILES ==========
C:\Windows\Temp\PirritUpdater.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Krystian
->Temp folder emptied: 138996249 bytes
->Temporary Internet Files folder emptied: 45131720 bytes
->Java cache emptied: 31735719 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 34065 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29880288 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43259104 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 276,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06072014_151019

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL=


OTL logfile created on: 2014-06-07 15:26:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krystian\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,72% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 196,06 Gb Total Space | 105,17 Gb Free Space | 53,64% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 264,46 Gb Free Space | 90,27% Space Free | Partition Type: NTFS
Drive E: | 442,38 Gb Total Space | 399,00 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive G: | 769,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: GRZESIU | User Name: Krystian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-06-07 15:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krystian\Downloads\OTL.exe
PRC - [2014-06-07 15:15:50 | 002,214,549 | ---- | M] ( ) -- C:\Windows\Temp\PirritUpdater.exe
PRC - [2014-06-05 20:35:25 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-06-03 14:31:25 | 046,784,632 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
PRC - [2014-06-03 14:31:25 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014-04-19 08:21:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-04-19 08:21:00 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014-01-10 15:58:54 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-07-30 15:13:20 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2010-07-29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-02-03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe


========== Modules (No Company Name) ==========

MOD - [2014-06-03 14:31:25 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
MOD - [2014-06-03 14:31:23 | 000,957,048 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\ffmpegsumo.dll
MOD - [2014-06-03 14:31:23 | 000,877,176 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\libglesv2.dll
MOD - [2014-06-03 14:31:23 | 000,135,800 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\libegl.dll
MOD - [2014-05-14 20:51:07 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014-04-08 14:18:32 | 008,889,512 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office15\1033\GrooveIntlResource.dll
MOD - [2014-01-05 17:46:03 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009-09-30 13:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009-03-19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009-03-19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009-01-15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [1998-10-31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014-04-19 08:21:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014-04-19 08:21:00 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-08-10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009-08-10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-05-29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014-05-14 20:51:08 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-02-28 22:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014-01-10 15:58:54 | 000,055,296 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe -- (PirritUpdater)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-07-29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014-06-07 15:16:26 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014-05-12 14:13:32 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014-05-12 14:13:32 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014-05-12 14:13:32 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-05-12 14:13:32 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014-05-06 18:06:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014-04-19 08:21:20 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-04-19 08:21:20 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-04-19 08:21:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-04-19 08:21:20 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-04-19 08:21:19 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-04-17 16:04:30 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-04-20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-06-22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010-01-11 12:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009-09-19 06:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009-09-19 06:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009-09-19 06:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009-07-30 19:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Krystian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found


[2013-11-18 21:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014-06-07 13:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013-11-03 11:23:28 | 000,010,300 | R--- | M] () (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2013-11-18 21:03:11 | 000,011,404 | R--- | M] () (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected]
[2014-03-03 01:49:30 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: avast! Online Security = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: avast! Online Security = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.93_0\
CHR - Extension: Google Wallet = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\

Hosts file not found
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [WinCalendar V4] d:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe (Sapro Systems)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [WinCalendar V4] d:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe (Sapro Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6333F8E8-BBF6-4C9A-B16E-5FC08E31B264}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-12-13 23:04:47 | 000,000,175 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\configure\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\install\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-06-07 15:10:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-06-07 13:53:38 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-06-07 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-06-07 13:53:20 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-06-07 13:53:20 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-06-07 13:53:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-06-07 13:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-06-05 20:46:05 | 000,000,000 | ---D | C] -- C:\Users\Krystian\AppData\Roaming\WinCalendar
[2014-06-05 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WinCalendarV4
[2014-06-05 20:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sapro Systems WinCalendar V4
[2014-05-25 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Desktop\DODOWI
[2014-05-25 00:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2014-05-24 23:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2014-05-24 23:47:55 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Documents\GTA San Andreas User Files
[2014-05-24 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Desktop\MTAMTA
[2014-05-23 21:56:39 | 000,000,000 | -HSD | C] -- C:\Users\Krystian\AppData\Local\EmieUserList
[2014-05-23 21:56:39 | 000,000,000 | -HSD | C] -- C:\Users\Krystian\AppData\Local\EmieSiteList
[2014-05-20 23:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014-05-15 23:11:35 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014-05-15 23:11:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014-05-15 22:50:52 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014-05-15 22:50:51 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014-05-15 22:50:51 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014-05-15 22:50:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014-05-15 22:50:50 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014-05-15 22:50:50 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014-05-15 22:50:49 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014-05-15 22:50:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014-05-15 22:50:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014-05-15 22:50:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014-05-15 22:50:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014-05-15 22:50:48 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014-05-15 22:50:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014-05-15 22:50:48 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014-05-15 22:50:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014-05-15 22:50:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014-05-15 22:50:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014-05-15 22:50:47 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014-05-15 22:50:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014-05-15 22:50:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014-05-15 22:50:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014-05-15 22:50:47 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014-05-15 22:50:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014-05-15 22:42:00 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-15 22:41:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-05-09 18:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2014-05-09 18:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2014-05-09 18:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

========== Files - Modified Within 30 Days ==========

[2014-06-07 15:22:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-06-07 15:22:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-06-07 15:16:26 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-06-07 15:15:37 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-06-07 15:14:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-06-07 15:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-06-07 15:13:15 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2014-06-07 14:58:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-06-05 20:43:40 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\WinCalendar V4.lnk
[2014-06-03 21:05:33 | 001,670,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-06-03 21:05:33 | 000,740,422 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-06-03 21:05:33 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-06-03 21:05:33 | 000,155,996 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-06-03 21:05:33 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-25 00:04:06 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2014-05-23 21:11:30 | 000,273,240 | ---- | M] () -- C:\Users\Krystian\Desktop\muzyka-polska-1680-1260-6769.jpg
[2014-05-23 21:09:07 | 000,004,073 | ---- | M] () -- C:\Users\Krystian\Desktop\pobrany plik.jpg
[2014-05-21 15:57:14 | 000,449,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-05-20 20:37:15 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014-05-20 20:37:15 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\avast! Premier.lnk
[2014-05-16 18:44:56 | 000,000,482 | RHS- | M] () -- C:\Users\Krystian\ntuser.pol
[2014-05-14 20:51:07 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-05-14 20:51:07 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-05-12 14:13:32 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014-05-12 14:13:32 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014-05-12 14:13:32 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014-05-12 14:13:32 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-05-12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-05-09 08:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-09 08:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2014-06-05 20:43:40 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\WinCalendar V4.lnk
[2014-05-25 00:04:06 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2014-05-23 21:10:11 | 000,273,240 | ---- | C] () -- C:\Users\Krystian\Desktop\muzyka-polska-1680-1260-6769.jpg
[2014-05-23 21:09:10 | 000,004,073 | ---- | C] () -- C:\Users\Krystian\Desktop\pobrany plik.jpg
[2014-04-24 16:53:24 | 000,009,886 | ---- | C] () -- C:\Users\Krystian\AppData\Local\recently-used.xbel
[2014-03-21 19:04:59 | 000,000,482 | RHS- | C] () -- C:\Users\Krystian\ntuser.pol
[2013-12-25 22:43:39 | 000,000,364 | ---- | C] () -- C:\Users\Krystian\SciTE.session
[2013-12-25 22:00:09 | 001,642,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-10-21 20:58:19 | 000,007,598 | ---- | C] () -- C:\Users\Krystian\AppData\Local\Resmon.ResmonCfg
[2013-10-08 15:52:35 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-10-05 20:38:06 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013-10-05 20:38:06 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013-10-05 20:38:03 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013-10-05 20:38:03 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013-10-05 20:32:42 | 000,030,942 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013-10-05 20:32:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013-10-05 20:32:20 | 000,023,167 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2

< End of report >

Extras:

OTL Extras logfile created on: 2014-06-07 15:26:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krystian\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,72% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 196,06 Gb Total Space | 105,17 Gb Free Space | 53,64% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 264,46 Gb Free Space | 90,27% Space Free | Partition Type: NTFS
Drive E: | 442,38 Gb Total Space | 399,00 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive G: | 769,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: GRZESIU | User Name: Krystian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE3056B-603D-4B9B-93A5-8F3135E2FAAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{3156C6FE-3E7C-4374-AC5E-78E5C5B8B321}" = rport=10243 | protocol=6 | dir=out | app=system |
"{32573D44-FE94-4131-8C0D-0CDC6AA15D5E}" = lport=58281 | protocol=6 | dir=in | name=pando media booster |
"{434A78E2-A37C-47DE-9323-DB345E001EAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{462F5B41-C325-41B6-A67C-83F3DA11B4D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{46F599B6-F253-4060-8C22-2B9666B71004}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47A5E9E9-76CC-4526-B2B9-18CDDC45C6EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{4A225F77-61E4-44E7-9B9F-ACA45557A1A4}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio |
"{4F46CEAA-E45A-42B2-9ADF-246AA36FD62F}" = rport=139 | protocol=6 | dir=out | app=system |
"{5802BA07-FE74-4467-B08F-0D7DFF6B45F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E6E6119-1F76-4D58-95F9-8D6FC40AFDEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60BD23B2-4A4C-4579-8951-2D073D99E926}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68365DF0-5645-4775-8D42-601C5ACB9495}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{828D0E71-3C8D-4F1D-8DBA-8BCDD7233F69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8590FC29-9DE5-4DD7-B80E-815BF564D083}" = lport=58281 | protocol=17 | dir=in | name=pando media booster |
"{8662EAAA-058C-48AF-AE5C-1495F765B923}" = rport=138 | protocol=17 | dir=out | app=system |
"{940C1200-FF8A-4D73-A421-24C54C5361B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{9F3E26BF-3A7D-4061-B198-75437C2167C7}" = lport=58281 | protocol=17 | dir=in | name=pando media booster |
"{AA194EDD-D915-404F-BFBE-31994A2861F2}" = lport=58281 | protocol=6 | dir=in | name=pando media booster |
"{B3B5AC7F-520B-4C08-A0E9-C309B7220AEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4453196-F698-425C-84AA-FDAAF320FAD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C830E2C7-E5E8-4F3E-8DA5-7B4AAC80E3C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CB86443C-1035-44F7-BD2B-1EA9A0F89028}" = lport=137 | protocol=17 | dir=in | app=system |
"{DFECFEB1-A162-4148-A7EA-F9706F838D21}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EC439729-3ECA-4649-B75E-7FC5A6B18601}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE695747-04E3-488F-8617-FA127B3A768D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFD8FC2B-30AA-4ECD-ACAD-CAB7E328B286}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BC6188-B69F-483E-86BE-33C82559480B}" = protocol=17 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"{0AEC06D5-5913-4438-942B-67DF682B046D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BAD1EFF-E75B-4666-A240-0E79A6C3ABA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1327844D-BD63-40C1-9A6A-9767D01CD067}" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"{206B7893-795A-4FC0-8DAC-84F36BA3E722}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D4E934B-9145-4BED-9B03-586DD1AED4D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B02AEC1-5489-48A1-84B4-0898B4D8E3AE}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa 14 demo\game\fifa14_demo.exe |
"{3BA61608-45FB-46BF-8201-A2B3436EBF64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E02C71C-C024-4601-B96F-E3AA8BEEEFF4}" = protocol=58 | dir=in | [email protected],-28545 |
"{4770243B-C2BA-4A87-ADB6-0AADB1A4AD31}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4805FB51-1134-44AB-96E8-08B9D6ED586C}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{4B329CC3-A821-4227-9E68-CC1B0AF184B6}" = protocol=17 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"{4D12E5D9-910B-4A73-9036-451B4F3821F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{5207DC69-760E-471A-8EA1-5E961D6BC639}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5669FBA1-4C06-4D82-ADA9-F1C57F251FF0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{5799AF98-6315-4CD7-8B49-14A6A83B8B47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{63405EDE-7307-42AD-8201-674204A76B8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{637C8DA0-C2E8-4F77-91C3-08EDBB7AAD1B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{6DEC3B07-BBB3-42E2-B769-510E2E8E6D04}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{714B3032-BA76-47D7-8F00-E03FD29ADEE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75332440-E5E8-494C-8AFD-F5CE26B66869}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{7D6F8AA9-FF9D-4429-9468-FD4D515D9F18}" = protocol=6 | dir=out | app=system |
"{7E49E583-5C9A-4C41-A59C-478E7ECF4E10}" = protocol=6 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"{8303A7CA-40C7-43DB-AF3C-9B59B0B8CFF0}" = protocol=17 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"{86A92765-77E8-41CF-A009-940AF3D1F790}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{8B8483E6-B130-4CEC-8DD4-E1F0CE0024E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C2F609D-CD89-40CC-A386-43A049B7D80D}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"{A00C0931-A82A-40EC-AAD2-A9A1F5376C3E}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe |
"{A1B0A912-9C7F-472A-8043-A1F3159F3C4D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1C1B06B-45A0-49D1-8BBD-2D49F19A893A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{A75C0A65-8F75-43E7-9E6E-22F49A717B17}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB1453C2-5D78-4BF2-A918-E8592922EA49}" = protocol=6 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"{AD5E6F1B-CFEF-4799-AC16-57E73C17CEFA}" = protocol=6 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"{ADD8531A-DBE7-474A-8350-B74871C745C4}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{B4C6834C-9432-4E0B-83C3-9B23F97B9B39}" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"{B6B494DE-4895-4203-862B-51BE57B29354}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"{BCB1C6CF-7BC2-4F10-8630-FBFC51B9C430}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"{C41014B7-FA2C-4152-8A64-785DE08B8DD8}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{C71752A3-7F8D-4306-A4EB-DDAA4D28A1FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0F75CD1-4565-4F3D-AAED-BE13476B4623}" = protocol=6 | dir=in | app=d:\program files (x86)\gameforgelive\gfl_client.exe |
"{D38489E4-297D-48F9-B641-00AED0D1A039}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5605AB9-15BC-4C8B-A40B-DDB7ABAE3568}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{D5AE1286-55F9-48ED-86A5-EED9E499B3E7}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{D776EAC2-9897-48E7-8990-850D89E12A0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC3014FB-CF39-4C6F-B904-D7FA527B671A}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe |
"{DD35929D-1095-4524-BA0F-F1ADCC099522}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"{DEBEE6B0-C381-42D4-B879-FB0EB5AAAD81}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF33E81E-B29B-4669-A51E-0A034E4D1982}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"{E5231AC4-CE99-4EDF-8974-D9670646ABD5}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa 14 demo\game\fifa14_demo.exe |
"{EF171A6E-AE42-4D11-A50F-7B8F459EB60C}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{F2CB96C3-0749-49C2-81B6-B9D2587F37F9}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"TCP Query User{0BCD0C3F-9E67-4BAC-A1D0-D4B89905E708}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"TCP Query User{1B4E6634-A938-4119-A334-7366E1805F05}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=6 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"TCP Query User{3C586957-D370-4A50-B272-38537E7EA700}E:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe" = protocol=6 | dir=in | app=e:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe |
"TCP Query User{40E8E3B3-D3B6-4003-8B2D-C3FDF2B1B725}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=6 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"TCP Query User{44DDD116-3627-47A3-8AA7-4A25FF1CAF06}E:\program files\mailshare\downloads\gta san andreas\mta server.exe" = protocol=6 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas\mta server.exe |
"TCP Query User{4570FF10-D21D-48FE-AC8D-F6F174170930}E:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=e:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{568B6FB6-BA19-4BFC-8D2C-81211483EA25}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{597C0DF3-B6AE-433F-AA45-8AFA118888F5}E:\tavia mt2\tavia - klient gry\tavia.eu.exe" = protocol=6 | dir=in | app=e:\tavia mt2\tavia - klient gry\tavia.eu.exe |
"TCP Query User{5E4426EB-90CD-4E80-BAEA-4E183DA956BF}C:\users\krystian\desktop\nowy folder\astard\astard\astard.exe" = protocol=6 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"TCP Query User{68246C17-A7C9-45A0-A669-18C477BB39F7}C:\users\krystian\desktop\mtamta\server\mta server.exe" = protocol=6 | dir=in | app=c:\users\krystian\desktop\mtamta\server\mta server.exe |
"TCP Query User{6AE719C7-D0BE-4290-AEEF-57E2A23F5497}C:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe" = protocol=6 | dir=in | app=c:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe |
"TCP Query User{7AC84911-D8C7-4ED8-B81C-929673B17F78}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{ACABC448-128D-4B3A-BCF6-36EADB20162B}E:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe" = protocol=6 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe |
"TCP Query User{B65233E0-3D8F-4E88-AA00-85E1D2645B7B}D:\program files (x86)\klient 4death.pl\4death.pl.exe" = protocol=6 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"TCP Query User{D003A42F-4FF2-4F8F-84A5-F1E6CBD8D989}C:\users\krystian\downloads\astivia (1)\astivia\astivia.exe" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"TCP Query User{D65D03EC-7093-4675-B63E-25A13EEB45E7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{DB132232-59EC-44C3-BFEB-B3C883E74681}C:\users\krystian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E29D4B43-3DF2-4C27-B89D-937B478A16AA}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=6 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"TCP Query User{E3EF301D-FD88-4559-A784-CEF4FCFD4C28}E:\steam\steamapps\common\half-life\hl.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"TCP Query User{E5F30262-1ACC-49A4-83A0-D08303A5EFCB}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"TCP Query User{F684A5BF-85B9-48F6-939B-B88683E28461}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=6 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"UDP Query User{097ACF3F-D81A-437C-AB23-35190676AD60}C:\users\krystian\desktop\mtamta\server\mta server.exe" = protocol=17 | dir=in | app=c:\users\krystian\desktop\mtamta\server\mta server.exe |
"UDP Query User{1BAD9559-60FC-4429-9B7F-7F614436F2F0}C:\users\krystian\desktop\nowy folder\astard\astard\astard.exe" = protocol=17 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"UDP Query User{270FC455-8FD0-4BC9-93EB-2EBE553F137D}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=17 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"UDP Query User{3038E1D8-3A2B-42CC-9A61-0C069CEA6CAB}E:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe" = protocol=17 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe |
"UDP Query User{3F1326E6-505E-4260-A9B1-52FDB2C46A79}D:\program files (x86)\klient 4death.pl\4death.pl.exe" = protocol=17 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"UDP Query User{420D0A65-F23E-4E8E-96BC-F72830EF6B05}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=17 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"UDP Query User{466B6B7D-C355-4B7C-9CFC-1768D5CE1557}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{46D8AF36-B925-4AF8-BA35-A64EB59DBE36}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{47B8C30A-1563-44EB-A466-22F14824BEFC}E:\tavia mt2\tavia - klient gry\tavia.eu.exe" = protocol=17 | dir=in | app=e:\tavia mt2\tavia - klient gry\tavia.eu.exe |
"UDP Query User{5DCF38D3-CF94-423F-8EB7-0825952290FF}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"UDP Query User{801628F4-8A3D-4F26-8F03-03D18DBB425E}E:\steam\steamapps\common\half-life\hl.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"UDP Query User{9E36F041-116A-4B3D-AB16-1157F68F73E1}C:\users\krystian\downloads\astivia (1)\astivia\astivia.exe" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"UDP Query User{ACE71E99-EB61-470B-AD79-7795110A833E}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=17 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"UDP Query User{B1FCFF4A-A7F4-4F50-94A1-C516A34AFADB}E:\program files\mailshare\downloads\gta san andreas\mta server.exe" = protocol=17 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas\mta server.exe |
"UDP Query User{B2681FD2-BEB3-4754-8BF2-CF9B4F13A0DC}C:\users\krystian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C8EA25B5-8810-4E53-8079-458EC279D943}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{C9A6C5C4-CA92-4559-9D03-6CC87424C3CE}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"UDP Query User{D9D60D3A-F16C-4DC6-9744-CD0299C0226D}E:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe" = protocol=17 | dir=in | app=e:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe |
"UDP Query User{EF56D317-DDAB-4792-B0C3-40FB7114B631}C:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe" = protocol=17 | dir=in | app=c:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe |
"UDP Query User{EFC82860-25E8-4CDF-85B8-64C8F6091234}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=17 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"UDP Query User{F04BBA59-4B2A-44C7-B9ED-FCD05D1B5CA8}E:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=e:\programdata\electronic arts\need for speed world\data\nfsw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{45F1F774-38B4-3CC3-BAAF-051E6D19E48E}" = Microsoft .NET Framework 4.5.1 (PLK)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5846E720-C188-478F-B501-45EA1ACC44D1}_is1" = MailShare
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski)
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.6
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.1.4
"WinRAR archiver" = WinRAR 4.20 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1330926C-251C-414E-A681-F8CEF84899BC}" = Dawngate
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{29ED28E7-C3D6-43F7-A821-E5D0867DE47F}" = eJay Techno 5
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4b0c178f-1f4d-47bc-b20e-bcd543b39e1a}" = Nero 9 Lite
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends
"{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. Zombies™
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7A6577E7-F341-430F-9173-91E14E2DE270}" = FIFA 14 Demo
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.7.5
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}" = EA Sports FIFA World
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.10.0 "Legend"
"{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1" = War Inc Battlezone version 1.0.0
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7727F03-5311-4A12-9A63-2ACD20BA0497}" = Camtasia Studio 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Polish
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D5913A68-1D92-4CB7-857A-1A45447878A3}_is1" = Klient 4Death.pl wersja 1.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Premier
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Drakensang Online" = Drakensang Online
"Free Download Manager_is1" = Free Download Manager 3.9.3
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallShield_{29ED28E7-C3D6-43F7-A821-E5D0867DE47F}" = eJay Techno 5
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.0.2.1012
"Metin2_is1" = Metin2
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"MTA:SA 1.3" = MTA:SA v1.3.5
"MySSID_is1" = EXPERTool 7.12
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 22.0.1471.50" = Opera Stable 22.0.1471.50
"Origin" = Origin
"Steam App 10" = Counter-Strike
"Steam App 63380" = Sniper Elite V2
"Szkoła podstawowa klasa 6 - Dzień dobry historio!" = Szkoła podstawowa klasa 6 - Dzień dobry historio!
"WinCalendar V4" = WinCalendar V4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Litecoin" = Litecoin
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014-06-03 17:29:35 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-03 17:29:36 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-04 17:57:15 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-04 17:57:16 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-05 17:49:19 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-05 17:49:19 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-06 09:07:54 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-06 09:07:54 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-06 18:02:48 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-06 18:02:48 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-07 05:06:30 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-07 05:06:31 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 2014-02-05 13:10:41 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.

Error - 2014-02-06 09:49:33 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Wsys Service z powodu następującego błędu:
%%2

Error - 2014-02-06 09:49:40 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

Error - 2014-02-06 09:51:22 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.

Error - 2014-02-06 11:44:16 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Wsys Service z powodu następującego błędu:
%%2

Error - 2014-02-06 11:44:19 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

Error - 2014-02-06 11:46:01 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.

Error - 2014-02-07 02:49:46 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Wsys Service z powodu następującego błędu:
%%2

Error - 2014-02-07 02:49:48 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

Error - 2014-02-07 02:51:28 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.


< End of report >


Posted

Did I download junk? Only the stuff I needed :D


Thanks everyone for the help :)

Topic can be closed and deleted.


Posted

LOG :


========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 06072014_165909

Files\Folders moved on Reboot...
File\Folder G:\autorun.inf not found!
File\Folder G:\setup.exe not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


And now I won't have malware anymore? If so, thanks :D


One question: how long did you spend learning all this?


Posted

Easy, don't get annoyed.


"Program ten nie jest przeznaczony dla platformy 64-bit." = I won't be posting a GMER log


OTL (very long)


OTL logfile created on: 2014-06-07 14:27:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krystian\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 40,07% Memory free
8,00 Gb Paging File | 4,95 Gb Available in Paging File | 61,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 196,06 Gb Total Space | 104,91 Gb Free Space | 53,51% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 264,46 Gb Free Space | 90,27% Space Free | Partition Type: NTFS
Drive E: | 442,38 Gb Total Space | 399,00 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive G: | 769,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: GRZESIU | User Name: Krystian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-06-07 14:26:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krystian\Downloads\OTL.exe
PRC - [2014-06-07 13:43:38 | 002,214,549 | ---- | M] ( ) -- C:\Windows\Temp\PirritUpdater.exe
PRC - [2014-06-05 20:35:25 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-06-03 14:31:25 | 046,784,632 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
PRC - [2014-06-03 14:31:25 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014-04-19 08:21:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-04-19 08:21:00 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014-01-10 15:58:54 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-07-30 15:13:20 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2010-07-29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-02-03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe


========== Modules (No Company Name) ==========

MOD - [2014-06-03 14:31:25 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
MOD - [2014-06-03 14:31:23 | 000,957,048 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\ffmpegsumo.dll
MOD - [2014-06-03 14:31:23 | 000,877,176 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\libglesv2.dll
MOD - [2014-06-03 14:31:23 | 000,135,800 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\libegl.dll
MOD - [2014-05-14 20:51:07 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014-04-08 14:18:32 | 008,889,512 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office15\1033\GrooveIntlResource.dll
MOD - [2014-01-05 17:46:03 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009-09-30 13:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009-03-25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009-03-19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009-03-19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009-01-15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [1998-10-31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014-04-19 08:21:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014-04-19 08:21:00 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-08-10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009-08-10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-05-29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014-05-14 20:51:08 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-02-28 22:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014-01-10 15:58:54 | 000,055,296 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe -- (PirritUpdater)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-07-29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014-06-07 14:21:38 | 000,079,064 | ---- | M] (Malwarebytes Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\wkgikga.sys -- (tssf)
DRV:64bit: - [2014-06-07 13:59:14 | 000,079,064 | ---- | M] (Malwarebytes Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\uuviid.sys -- (xfdlg)
DRV:64bit: - [2014-06-07 13:54:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014-05-12 14:13:32 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014-05-12 14:13:32 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014-05-12 14:13:32 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-05-12 14:13:32 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014-05-06 18:06:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014-04-19 08:21:20 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-04-19 08:21:20 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-04-19 08:21:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-04-19 08:21:20 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-04-19 08:21:19 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-04-17 16:04:30 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-04-20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-06-22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010-01-11 12:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009-09-19 06:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009-09-19 06:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009-09-19 06:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009-07-30 19:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Krystian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found


[2013-11-18 21:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014-06-07 13:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013-11-03 11:23:28 | 000,010,300 | R--- | M] () (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2013-11-18 21:03:11 | 000,011,404 | R--- | M] () (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected]
[2014-03-03 01:49:30 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: avast! Online Security = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: avast! Online Security = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.93_0\
CHR - Extension: Google Wallet = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\

Hosts file not found
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [WinCalendar V4] d:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe (Sapro Systems)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Krystian\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [WinCalendar V4] d:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe (Sapro Systems)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6333F8E8-BBF6-4C9A-B16E-5FC08E31B264}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-12-13 23:04:47 | 000,000,175 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\configure\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\install\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-06-07 14:21:38 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\wkgikga.sys
[2014-06-07 13:59:14 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\uuviid.sys
[2014-06-07 13:53:38 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-06-07 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-06-07 13:53:20 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-06-07 13:53:20 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-06-07 13:53:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-06-07 13:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-06-05 20:46:05 | 000,000,000 | ---D | C] -- C:\Users\Krystian\AppData\Roaming\WinCalendar
[2014-06-05 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WinCalendarV4
[2014-06-05 20:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sapro Systems WinCalendar V4
[2014-05-25 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Desktop\DODOWI
[2014-05-25 00:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2014-05-24 23:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2014-05-24 23:47:55 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Documents\GTA San Andreas User Files
[2014-05-24 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Desktop\MTAMTA
[2014-05-23 21:56:39 | 000,000,000 | -HSD | C] -- C:\Users\Krystian\AppData\Local\EmieUserList
[2014-05-23 21:56:39 | 000,000,000 | -HSD | C] -- C:\Users\Krystian\AppData\Local\EmieSiteList
[2014-05-20 23:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014-05-15 23:11:35 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014-05-15 23:11:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014-05-15 22:50:52 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014-05-15 22:50:51 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014-05-15 22:50:51 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014-05-15 22:50:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014-05-15 22:50:50 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014-05-15 22:50:50 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014-05-15 22:50:49 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014-05-15 22:50:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014-05-15 22:50:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014-05-15 22:50:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014-05-15 22:50:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014-05-15 22:50:48 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014-05-15 22:50:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014-05-15 22:50:48 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014-05-15 22:50:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014-05-15 22:50:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014-05-15 22:50:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014-05-15 22:50:47 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014-05-15 22:50:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014-05-15 22:50:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014-05-15 22:50:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014-05-15 22:50:47 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014-05-15 22:50:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014-05-15 22:42:00 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-15 22:41:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-05-09 18:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2014-05-09 18:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2014-05-09 18:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-06-07 14:21:38 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\wkgikga.sys
[2014-06-07 14:15:25 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-06-07 13:59:14 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\uuviid.sys
[2014-06-07 13:58:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-06-07 13:54:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-06-07 13:50:48 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-06-07 13:50:48 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-06-07 13:41:45 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-06-07 13:41:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-06-07 13:41:07 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2014-06-05 20:43:40 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\WinCalendar V4.lnk
[2014-06-03 21:05:33 | 001,670,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-06-03 21:05:33 | 000,740,422 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-06-03 21:05:33 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-06-03 21:05:33 | 000,155,996 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-06-03 21:05:33 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-25 00:04:06 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2014-05-23 21:11:30 | 000,273,240 | ---- | M] () -- C:\Users\Krystian\Desktop\muzyka-polska-1680-1260-6769.jpg
[2014-05-23 21:09:07 | 000,004,073 | ---- | M] () -- C:\Users\Krystian\Desktop\pobrany plik.jpg
[2014-05-21 15:57:14 | 000,449,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-05-20 20:37:15 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014-05-20 20:37:15 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\avast! Premier.lnk
[2014-05-16 18:44:56 | 000,000,482 | RHS- | M] () -- C:\Users\Krystian\ntuser.pol
[2014-05-14 20:51:07 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-05-14 20:51:07 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-05-12 14:13:32 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014-05-12 14:13:32 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014-05-12 14:13:32 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014-05-12 14:13:32 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-05-12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-05-09 08:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-09 08:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-06-05 20:43:40 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\WinCalendar V4.lnk
[2014-05-25 00:04:06 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2014-05-23 21:10:11 | 000,273,240 | ---- | C] () -- C:\Users\Krystian\Desktop\muzyka-polska-1680-1260-6769.jpg
[2014-05-23 21:09:10 | 000,004,073 | ---- | C] () -- C:\Users\Krystian\Desktop\pobrany plik.jpg
[2014-04-24 16:53:24 | 000,009,886 | ---- | C] () -- C:\Users\Krystian\AppData\Local\recently-used.xbel
[2014-03-21 19:04:59 | 000,000,482 | RHS- | C] () -- C:\Users\Krystian\ntuser.pol
[2013-12-25 22:43:39 | 000,000,364 | ---- | C] () -- C:\Users\Krystian\SciTE.session
[2013-12-25 22:00:09 | 001,642,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-10-21 20:58:19 | 000,007,598 | ---- | C] () -- C:\Users\Krystian\AppData\Local\Resmon.ResmonCfg
[2013-10-08 15:52:35 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-10-05 20:38:06 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013-10-05 20:38:06 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013-10-05 20:38:03 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013-10-05 20:38:03 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013-10-05 20:32:42 | 000,030,942 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013-10-05 20:32:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013-10-05 20:32:20 | 000,023,167 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014-06-01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\.minecraft
[2014-06-01 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\.minecraftzyczu
[2013-10-24 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\.mono
[2014-01-05 17:48:55 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\AVAST Software
[2013-10-22 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Awesomium
[2014-01-02 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\BANDISOFT
[2014-05-06 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\DAEMON Tools Lite
[2014-03-16 15:31:22 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\DawngateData
[2014-03-02 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\DeviceVm
[2013-11-08 15:33:50 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\FlvtoConverter
[2014-05-04 13:01:40 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Free Download Manager
[2013-11-13 18:03:46 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\ImgBurn
[2013-12-28 01:19:49 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Litecoin
[2013-10-06 21:09:04 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\LolClient
[2014-05-04 17:29:49 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Mouse Recorder Pro
[2013-11-23 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Need for Speed World
[2013-10-05 21:12:23 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Opera Software
[2014-05-03 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Origin
[2013-11-03 11:23:32 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Pirrit
[2013-10-05 22:43:14 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Riot Games
[2014-01-02 22:31:57 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\TechSmith
[2014-01-24 00:00:31 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Thinstall
[2014-01-17 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\TS3Client
[2013-10-24 15:35:50 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\Unity
[2014-06-05 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Krystian\AppData\Roaming\WinCalendar

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2

< End of report >

Extase (or something like that, from the same program)

OTL Extras logfile created on: 2014-06-07 14:27:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krystian\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 40,07% Memory free
8,00 Gb Paging File | 4,95 Gb Available in Paging File | 61,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 196,06 Gb Total Space | 104,91 Gb Free Space | 53,51% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 264,46 Gb Free Space | 90,27% Space Free | Partition Type: NTFS
Drive E: | 442,38 Gb Total Space | 399,00 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive G: | 769,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: GRZESIU | User Name: Krystian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE3056B-603D-4B9B-93A5-8F3135E2FAAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{3156C6FE-3E7C-4374-AC5E-78E5C5B8B321}" = rport=10243 | protocol=6 | dir=out | app=system |
"{32573D44-FE94-4131-8C0D-0CDC6AA15D5E}" = lport=58281 | protocol=6 | dir=in | name=pando media booster |
"{434A78E2-A37C-47DE-9323-DB345E001EAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{462F5B41-C325-41B6-A67C-83F3DA11B4D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{46F599B6-F253-4060-8C22-2B9666B71004}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47A5E9E9-76CC-4526-B2B9-18CDDC45C6EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{4A225F77-61E4-44E7-9B9F-ACA45557A1A4}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio |
"{4F46CEAA-E45A-42B2-9ADF-246AA36FD62F}" = rport=139 | protocol=6 | dir=out | app=system |
"{5802BA07-FE74-4467-B08F-0D7DFF6B45F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E6E6119-1F76-4D58-95F9-8D6FC40AFDEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60BD23B2-4A4C-4579-8951-2D073D99E926}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68365DF0-5645-4775-8D42-601C5ACB9495}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{828D0E71-3C8D-4F1D-8DBA-8BCDD7233F69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{8590FC29-9DE5-4DD7-B80E-815BF564D083}" = lport=58281 | protocol=17 | dir=in | name=pando media booster |
"{8662EAAA-058C-48AF-AE5C-1495F765B923}" = rport=138 | protocol=17 | dir=out | app=system |
"{940C1200-FF8A-4D73-A421-24C54C5361B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{9F3E26BF-3A7D-4061-B198-75437C2167C7}" = lport=58281 | protocol=17 | dir=in | name=pando media booster |
"{AA194EDD-D915-404F-BFBE-31994A2861F2}" = lport=58281 | protocol=6 | dir=in | name=pando media booster |
"{B3B5AC7F-520B-4C08-A0E9-C309B7220AEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4453196-F698-425C-84AA-FDAAF320FAD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C830E2C7-E5E8-4F3E-8DA5-7B4AAC80E3C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CB86443C-1035-44F7-BD2B-1EA9A0F89028}" = lport=137 | protocol=17 | dir=in | app=system |
"{DFECFEB1-A162-4148-A7EA-F9706F838D21}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EC439729-3ECA-4649-B75E-7FC5A6B18601}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE695747-04E3-488F-8617-FA127B3A768D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFD8FC2B-30AA-4ECD-ACAD-CAB7E328B286}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BC6188-B69F-483E-86BE-33C82559480B}" = protocol=17 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"{0AEC06D5-5913-4438-942B-67DF682B046D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BAD1EFF-E75B-4666-A240-0E79A6C3ABA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1327844D-BD63-40C1-9A6A-9767D01CD067}" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"{206B7893-795A-4FC0-8DAC-84F36BA3E722}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D4E934B-9145-4BED-9B03-586DD1AED4D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B02AEC1-5489-48A1-84B4-0898B4D8E3AE}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa 14 demo\game\fifa14_demo.exe |
"{3BA61608-45FB-46BF-8201-A2B3436EBF64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E02C71C-C024-4601-B96F-E3AA8BEEEFF4}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{4770243B-C2BA-4A87-ADB6-0AADB1A4AD31}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4805FB51-1134-44AB-96E8-08B9D6ED586C}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{4B329CC3-A821-4227-9E68-CC1B0AF184B6}" = protocol=17 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"{4D12E5D9-910B-4A73-9036-451B4F3821F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{5207DC69-760E-471A-8EA1-5E961D6BC639}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5669FBA1-4C06-4D82-ADA9-F1C57F251FF0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{5799AF98-6315-4CD7-8B49-14A6A83B8B47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{63405EDE-7307-42AD-8201-674204A76B8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{637C8DA0-C2E8-4F77-91C3-08EDBB7AAD1B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{6DEC3B07-BBB3-42E2-B769-510E2E8E6D04}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{714B3032-BA76-47D7-8F00-E03FD29ADEE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75332440-E5E8-494C-8AFD-F5CE26B66869}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{7D6F8AA9-FF9D-4429-9468-FD4D515D9F18}" = protocol=6 | dir=out | app=system |
"{7E49E583-5C9A-4C41-A59C-478E7ECF4E10}" = protocol=6 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"{8303A7CA-40C7-43DB-AF3C-9B59B0B8CFF0}" = protocol=17 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"{86A92765-77E8-41CF-A009-940AF3D1F790}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{8B8483E6-B130-4CEC-8DD4-E1F0CE0024E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C2F609D-CD89-40CC-A386-43A049B7D80D}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"{A00C0931-A82A-40EC-AAD2-A9A1F5376C3E}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe |
"{A1B0A912-9C7F-472A-8043-A1F3159F3C4D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1C1B06B-45A0-49D1-8BBD-2D49F19A893A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{A75C0A65-8F75-43E7-9E6E-22F49A717B17}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB1453C2-5D78-4BF2-A918-E8592922EA49}" = protocol=6 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"{AD5E6F1B-CFEF-4799-AC16-57E73C17CEFA}" = protocol=6 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"{ADD8531A-DBE7-474A-8350-B74871C745C4}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{B4C6834C-9432-4E0B-83C3-9B23F97B9B39}" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"{B6B494DE-4895-4203-862B-51BE57B29354}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"{BCB1C6CF-7BC2-4F10-8630-FBFC51B9C430}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"{C41014B7-FA2C-4152-8A64-785DE08B8DD8}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{C71752A3-7F8D-4306-A4EB-DDAA4D28A1FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0F75CD1-4565-4F3D-AAED-BE13476B4623}" = protocol=6 | dir=in | app=d:\program files (x86)\gameforgelive\gfl_client.exe |
"{D38489E4-297D-48F9-B641-00AED0D1A039}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5605AB9-15BC-4C8B-A40B-DDB7ABAE3568}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{D5AE1286-55F9-48ED-86A5-EED9E499B3E7}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{D776EAC2-9897-48E7-8990-850D89E12A0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC3014FB-CF39-4C6F-B904-D7FA527B671A}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe |
"{DD35929D-1095-4524-BA0F-F1ADCC099522}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"{DEBEE6B0-C381-42D4-B879-FB0EB5AAAD81}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF33E81E-B29B-4669-A51E-0A034E4D1982}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"{E5231AC4-CE99-4EDF-8974-D9670646ABD5}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa 14 demo\game\fifa14_demo.exe |
"{EF171A6E-AE42-4D11-A50F-7B8F459EB60C}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{F2CB96C3-0749-49C2-81B6-B9D2587F37F9}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe |
"TCP Query User{0BCD0C3F-9E67-4BAC-A1D0-D4B89905E708}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"TCP Query User{1B4E6634-A938-4119-A334-7366E1805F05}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=6 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"TCP Query User{3C586957-D370-4A50-B272-38537E7EA700}E:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe" = protocol=6 | dir=in | app=e:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe |
"TCP Query User{40E8E3B3-D3B6-4003-8B2D-C3FDF2B1B725}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=6 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"TCP Query User{44DDD116-3627-47A3-8AA7-4A25FF1CAF06}E:\program files\mailshare\downloads\gta san andreas\mta server.exe" = protocol=6 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas\mta server.exe |
"TCP Query User{4570FF10-D21D-48FE-AC8D-F6F174170930}E:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=e:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{568B6FB6-BA19-4BFC-8D2C-81211483EA25}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{597C0DF3-B6AE-433F-AA45-8AFA118888F5}E:\tavia mt2\tavia - klient gry\tavia.eu.exe" = protocol=6 | dir=in | app=e:\tavia mt2\tavia - klient gry\tavia.eu.exe |
"TCP Query User{5E4426EB-90CD-4E80-BAEA-4E183DA956BF}C:\users\krystian\desktop\nowy folder\astard\astard\astard.exe" = protocol=6 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"TCP Query User{68246C17-A7C9-45A0-A669-18C477BB39F7}C:\users\krystian\desktop\mtamta\server\mta server.exe" = protocol=6 | dir=in | app=c:\users\krystian\desktop\mtamta\server\mta server.exe |
"TCP Query User{6AE719C7-D0BE-4290-AEEF-57E2A23F5497}C:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe" = protocol=6 | dir=in | app=c:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe |
"TCP Query User{7AC84911-D8C7-4ED8-B81C-929673B17F78}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{ACABC448-128D-4B3A-BCF6-36EADB20162B}E:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe" = protocol=6 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe |
"TCP Query User{B65233E0-3D8F-4E88-AA00-85E1D2645B7B}D:\program files (x86)\klient 4death.pl\4death.pl.exe" = protocol=6 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"TCP Query User{D003A42F-4FF2-4F8F-84A5-F1E6CBD8D989}C:\users\krystian\downloads\astivia (1)\astivia\astivia.exe" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"TCP Query User{D65D03EC-7093-4675-B63E-25A13EEB45E7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{DB132232-59EC-44C3-BFEB-B3C883E74681}C:\users\krystian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E29D4B43-3DF2-4C27-B89D-937B478A16AA}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=6 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"TCP Query User{E3EF301D-FD88-4559-A784-CEF4FCFD4C28}E:\steam\steamapps\common\half-life\hl.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"TCP Query User{E5F30262-1ACC-49A4-83A0-D08303A5EFCB}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=6 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"TCP Query User{F684A5BF-85B9-48F6-939B-B88683E28461}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=6 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"UDP Query User{097ACF3F-D81A-437C-AB23-35190676AD60}C:\users\krystian\desktop\mtamta\server\mta server.exe" = protocol=17 | dir=in | app=c:\users\krystian\desktop\mtamta\server\mta server.exe |
"UDP Query User{1BAD9559-60FC-4429-9B7F-7F614436F2F0}C:\users\krystian\desktop\nowy folder\astard\astard\astard.exe" = protocol=17 | dir=in | app=c:\users\krystian\desktop\nowy folder\astard\astard\astard.exe |
"UDP Query User{270FC455-8FD0-4BC9-93EB-2EBE553F137D}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=17 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"UDP Query User{3038E1D8-3A2B-42CC-9A61-0C069CEA6CAB}E:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe" = protocol=17 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas [reepack]\gta san andreas\mta server.exe |
"UDP Query User{3F1326E6-505E-4260-A9B1-52FDB2C46A79}D:\program files (x86)\klient 4death.pl\4death.pl.exe" = protocol=17 | dir=in | app=d:\program files (x86)\klient 4death.pl\4death.pl.exe |
"UDP Query User{420D0A65-F23E-4E8E-96BC-F72830EF6B05}E:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe" = protocol=17 | dir=in | app=e:\tavia mt2\travica.pl - klient gry\uruchom_klienta.exe |
"UDP Query User{466B6B7D-C355-4B7C-9CFC-1768D5CE1557}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{46D8AF36-B925-4AF8-BA35-A64EB59DBE36}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{47B8C30A-1563-44EB-A466-22F14824BEFC}E:\tavia mt2\tavia - klient gry\tavia.eu.exe" = protocol=17 | dir=in | app=e:\tavia mt2\tavia - klient gry\tavia.eu.exe |
"UDP Query User{5DCF38D3-CF94-423F-8EB7-0825952290FF}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"UDP Query User{801628F4-8A3D-4F26-8F03-03D18DBB425E}E:\steam\steamapps\common\half-life\hl.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\half-life\hl.exe |
"UDP Query User{9E36F041-116A-4B3D-AB16-1157F68F73E1}C:\users\krystian\downloads\astivia (1)\astivia\astivia.exe" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia (1)\astivia\astivia.exe |
"UDP Query User{ACE71E99-EB61-470B-AD79-7795110A833E}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=17 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"UDP Query User{B1FCFF4A-A7F4-4F50-94A1-C516A34AFADB}E:\program files\mailshare\downloads\gta san andreas\mta server.exe" = protocol=17 | dir=in | app=e:\program files\mailshare\downloads\gta san andreas\mta server.exe |
"UDP Query User{B2681FD2-BEB3-4754-8BF2-CF9B4F13A0DC}C:\users\krystian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\krystian\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C8EA25B5-8810-4E53-8079-458EC279D943}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{C9A6C5C4-CA92-4559-9D03-6CC87424C3CE}C:\users\krystian\downloads\astivia\astivia\astivia.exe" = protocol=17 | dir=in | app=c:\users\krystian\downloads\astivia\astivia\astivia.exe |
"UDP Query User{D9D60D3A-F16C-4DC6-9744-CD0299C0226D}E:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe" = protocol=17 | dir=in | app=e:\tavia mt2\travica.pl - klient gry - kopia\uruchom_klienta.exe |
"UDP Query User{EF56D317-DDAB-4792-B0C3-40FB7114B631}C:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe" = protocol=17 | dir=in | app=c:\users\krystian\appdata\local\electronic arts\dawngate\game\dawngate.exe |
"UDP Query User{EFC82860-25E8-4CDF-85B8-64C8F6091234}E:\tavia mt2\tavia - klient gry\start - tavia.exe" = protocol=17 | dir=in | app=e:\tavia mt2\tavia - klient gry\start - tavia.exe |
"UDP Query User{F04BBA59-4B2A-44C7-B9ED-FCD05D1B5CA8}E:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=e:\programdata\electronic arts\need for speed world\data\nfsw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{45F1F774-38B4-3CC3-BAAF-051E6D19E48E}" = Microsoft .NET Framework 4.5.1 (PLK)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5846E720-C188-478F-B501-45EA1ACC44D1}_is1" = MailShare
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}" =
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski)
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.6
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.1.4
"WinRAR archiver" = WinRAR 4.20 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1330926C-251C-414E-A681-F8CEF84899BC}" = Dawngate
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{29ED28E7-C3D6-43F7-A821-E5D0867DE47F}" = eJay Techno 5
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4b0c178f-1f4d-47bc-b20e-bcd543b39e1a}" = Nero 9 Lite
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends
"{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. Zombies™
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7A6577E7-F341-430F-9173-91E14E2DE270}" = FIFA 14 Demo
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.7.5
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}" = EA Sports FIFA World
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.10.0 "Legend"
"{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1" = War Inc Battlezone version 1.0.0
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7727F03-5311-4A12-9A63-2ACD20BA0497}" = Camtasia Studio 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Polish
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D5913A68-1D92-4CB7-857A-1A45447878A3}_is1" = Klient 4Death.pl wersja 1.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Premier
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Drakensang Online" = Drakensang Online
"Free Download Manager_is1" = Free Download Manager 3.9.3
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallShield_{29ED28E7-C3D6-43F7-A821-E5D0867DE47F}" = eJay Techno 5
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.0.2.1012
"Metin2_is1" = Metin2
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"MTA:SA 1.3" = MTA:SA v1.3.5
"MySSID_is1" = EXPERTool 7.12
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 22.0.1471.50" = Opera Stable 22.0.1471.50
"Origin" = Origin
"Steam App 10" = Counter-Strike
"Steam App 63380" = Sniper Elite V2
"Szkoła podstawowa klasa 6 - Dzień dobry historio!" = Szkoła podstawowa klasa 6 - Dzień dobry historio!
"WinCalendar V4" = WinCalendar V4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Litecoin" = Litecoin
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014-06-03 17:29:35 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-03 17:29:36 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-04 17:57:15 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-04 17:57:16 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-05 17:49:19 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-05 17:49:19 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-06 09:07:54 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-06 09:07:54 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-06 18:02:48 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-06 18:02:48 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

Error - 2014-06-07 05:06:30 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 11901
Description =

Error - 2014-06-07 05:06:31 | Computer Name = Grzesiu | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 2014-02-05 13:10:41 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.

Error - 2014-02-06 09:49:33 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Wsys Service z powodu następującego błędu:
%%2

Error - 2014-02-06 09:49:40 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

Error - 2014-02-06 09:51:22 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.

Error - 2014-02-06 11:44:16 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Wsys Service z powodu następującego błędu:
%%2

Error - 2014-02-06 11:44:19 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

Error - 2014-02-06 11:46:01 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.

Error - 2014-02-07 02:49:46 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Wsys Service z powodu następującego błędu:
%%2

Error - 2014-02-07 02:49:48 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

Error - 2014-02-07 02:51:28 | Computer Name = Grzesiu | Source = Service Control Manager | ID = 7022
Description = Usługa PirritUpdater zawiesiła się podczas uruchamiania.


< End of report >

Now the 2 scans from Malware-something (files sent to quarantine, run one after the other). Of course, done before the scan with the programs above.

Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanu: 2014-06-07
Czas skanu: 13:54:54
Raport: 1234123444.txt
Administrator: Tak

Wersja: 2.00.2.1012
Baza danych malware: v2014.06.07.02
Baza danych rootkitów: v2014.06.02.01
Licencja: Trial
Ochrona przeciw malware: Włączony
Ochrona przeciw szkodliwymi stronami: Włączony
Self-protection: Wyłączony

System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: Krystian

Typ skanu: Skanowanie szybkie
Wynik: Zakończono
Objekty zeskanowane: 216985
Minęło: 3 min, 8 s

Pamięć: Włączony
Autostart: Włączony
System plików: Wyłączony
Archiwa: Włączony
Rootkity: Wyłączony
Heuristics: Włączony
PNP: Włączony
PNM: Włączony

Procesy: 0
(No malicious items detected)

Moduły: 0
(No malicious items detected)

Klucze rejestru: 69
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickCtrl.9, Dodano do kwarantanny, [5846d89db0cba78f0435756239cac53b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine, Dodano do kwarantanny, [a4fa373e83f8a98da0998f488c77c43c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0, Dodano do kwarantanny, [f2ac4530c6b5fd39dd5c8c4bc43f7a86],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.Update3WebControl.3, Dodano do kwarantanny, [425c4134760549ed94a5c7104db62bd5],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync, Dodano do kwarantanny, [65392253e09b87af3cfdf3e4966d51af],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync.1.0, Dodano do kwarantanny, [aef033423c3f45f178c107d0d132bc44],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass, Dodano do kwarantanny, [841ac9ac1c5fdf574fea32a5887bb44c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass.1, Dodano do kwarantanny, [6539096cd4a78ea824156572689b37c9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass, Dodano do kwarantanny, [0b936510b3c8023471c821b6a45fc23e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass.1, Dodano do kwarantanny, [1688afc6cfacee48bb7e20b7f21158a8],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine, Dodano do kwarantanny, [a1fd0c69bfbcb284221724b336cd936d],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0, Dodano do kwarantanny, [ebb35d1862196cca43f6c80fb053a858],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine, Dodano do kwarantanny, [435ba5d0e19a57df0336b32446bdcf31],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0, Dodano do kwarantanny, [2d715f164338ad89f3464691ca39a957],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback, Dodano do kwarantanny, [3b635421dba077bf79c063744cb73bc5],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Dodano do kwarantanny, [b6e8294c6e0d092d0534518655ae827e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc, Dodano do kwarantanny, [5f3fea8b1269082e0831ad2a58ab7d83],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0, Dodano do kwarantanny, [f8a6c9ac6c0f1422fc3d4c8bf310d42c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher, Dodano do kwarantanny, [3f5f2352f98295a10d2c1abd08fbcd33],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher.1.0, Dodano do kwarantanny, [25790273fb80e353db5e983f5ba8df21],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService, Dodano do kwarantanny, [9b031a5ba2d9092da59423b45aa96f91],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService.1.0, Dodano do kwarantanny, [edb14530d4a7b18542f7dbfc71923ec2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine, Dodano do kwarantanny, [732b5d18e09b54e214259f38ec17be42],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine.1.0, Dodano do kwarantanny, [059992e3691251e5e851c017b74ce719],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback, Dodano do kwarantanny, [0a947bfa710a1224093008cf1ee5fc04],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0, Dodano do kwarantanny, [594573024b309f97a49505d2ff048a76],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc, Dodano do kwarantanny, [f0aebabb6f0c3cfadc5d23b408fb6c94],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc.1.0, Dodano do kwarantanny, [4b530174abd093a3a6937e590102eb15],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\BonanzaDealsLive.exe, Dodano do kwarantanny, [d4ca92e3720953e3d365ebec8d76cc34],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dodano do kwarantanny, [cdd1afc6b4c74ee8af279f3b8d767789],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Dodano do kwarantanny, [fca2195c631872c4003ec80f8380e61a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, Dodano do kwarantanny, [a6f87cf93b4043f3c4794c8b7e8530d0],
PUP.Optional.DoSearches.A, HKLM\SOFTWARE\WOW6432NODE\dosearchesSoftware, Dodano do kwarantanny, [3d619adb27542f07f3fbba184fb4728e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickCtrl.9, Dodano do kwarantanny, [2777f77ea2d93cfae6537d5ae2217c84],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine, Dodano do kwarantanny, [623cd1a42a5182b457e23c9b3cc77e82],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0, Dodano do kwarantanny, [dfbfbbba077459dd94a5488f798a6a96],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.Update3WebControl.3, Dodano do kwarantanny, [a5f9a2d39cdfd066e158aa2d748f9f61],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync, Dodano do kwarantanny, [efaffc7992e904326acf8c4bf80b12ee],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync.1.0, Dodano do kwarantanny, [cbd3462f92e9979f9a9fc314dd264bb5],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreClass, Dodano do kwarantanny, [4c52f085c1ba7bbbe85130a7c53e6898],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreClass.1, Dodano do kwarantanny, [920cacc966151a1cd5641fb830d329d7],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass, Dodano do kwarantanny, [c0de80f5750659dd87b2b5229a69c43c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass.1, Dodano do kwarantanny, [8a14bdb88af1cb6b79c0b91e7390fe02],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine, Dodano do kwarantanny, [940a64110972e0567fbad007df24d52b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0, Dodano do kwarantanny, [a8f60c691b60b58150e9fdda0201a35d],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine, Dodano do kwarantanny, [b1eda4d10e6dbf77ad8c8e49c63ddf21],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0, Dodano do kwarantanny, [3f5fbcb90873de5864d58e4935ce966a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback, Dodano do kwarantanny, [a5f9a5d0a1da2115bd7c40971be85ba5],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Dodano do kwarantanny, [4b53a5d04e2db18594a59740a65df40c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc, Dodano do kwarantanny, [b5e978fd6318e94dea4f9e3946bd8080],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0, Dodano do kwarantanny, [2b7376ff97e41026ab8e498eae5527d9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher, Dodano do kwarantanny, [fba3e392f487979f82b7389f18eb639d],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher.1.0, Dodano do kwarantanny, [5b4397de35466ec8a19827b030d39f61],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService, Dodano do kwarantanny, [b0eea8cd790255e17fba64737e8524dc],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService.1.0, Dodano do kwarantanny, [f8a6027397e45dd9a891b5222ad916ea],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine, Dodano do kwarantanny, [a8f6d1a43d3ed066ba7fdcfbc83bb050],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine.1.0, Dodano do kwarantanny, [cfcfc8ad215a1d1957e2f7e0857ebf41],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback, Dodano do kwarantanny, [2c72f5807308d1653ffa884f699a857b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0, Dodano do kwarantanny, [108eea8bfa81c0760831d10643c0e917],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc, Dodano do kwarantanny, [e7b7a4d1c9b25fd7f3468d4a00038e72],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc.1.0, Dodano do kwarantanny, [4a542352f982b0864decebec31d247b9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\BonanzaDealsLive.exe, Dodano do kwarantanny, [039bef86ff7c47ef83b5776035ce768a],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dodano do kwarantanny, [d1cd6114c8b30a2c5e7819c153b025db],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Dodano do kwarantanny, [227c89ec2e4d1e18fb432baccb388f71],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=3, Dodano do kwarantanny, [9707acc912691422b8876572d92ab848],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=9, Dodano do kwarantanny, [acf2a9ccd9a284b283bc9542729127d9],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-678882040-263938067-2815254729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, Dodano do kwarantanny, [98066c09f5863402a398c215b44f7b85],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-678882040-263938067-2815254729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Dodano do kwarantanny, [e4bafc79b4c7ac8af6156653e02204fc],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-678882040-263938067-2815254729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Dodano do kwarantanny, [4d511a5b106b4fe722f5e1eeed167888],

Wartości rejestru: 4
Hijack.Regedit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit, 0, Dodano do kwarantanny, [d0cec0b587f45dd93ca452ed50b3e31d]
Hijack.Regedit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit, 0, Dodano do kwarantanny, [4955d79ed3a83105ab35221d08fb36ca]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-678882040-263938067-2815254729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, Dodano do kwarantanny, [4d511a5b106b4fe722f5e1eeed167888]
Hijack.Regedit, HKU\S-1-5-21-678882040-263938067-2815254729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit, 0, Dodano do kwarantanny, [4c524332d3a8171f27905ecbc93a7a86]

Dane rejestru: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobry: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Zły: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Zastąpiono,[ced0680d3f3c53e3294eea834fb5639d]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobry: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Zły: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Zastąpiono,[089695e0324983b3fe794e1f48bc9c64]

Foldery: 10
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST, Dodano do kwarantanny, [693520554b300d29680eb1f7847ec33d],
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Dodano do kwarantanny, [8c12f97cb9c2b383cd83a60f837f37c9],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, Dodano do kwarantanny, [f9a57401087360d6b7cbd5afd72b49b7],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, Dodano do kwarantanny, [f9a57401087360d6b7cbd5afd72b49b7],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, Dodano do kwarantanny, [f9a57401087360d6b7cbd5afd72b49b7],
PUP.Optional.BonanzaDeals.A, C:\Users\Krystian\AppData\Local\BonanzaDealsLive, Dodano do kwarantanny, [aef04f261566270ff1924e3648ba19e7],
PUP.Optional.BonanzaDeals.A, C:\Users\Krystian\AppData\Local\BonanzaDealsLive\CrashReports, Dodano do kwarantanny, [aef04f261566270ff1924e3648ba19e7],
PUP.Optional.NextLive.A, C:\Users\Krystian\AppData\Roaming\newnext.me, Dodano do kwarantanny, [c3db14613f3c2c0ae9535b2a5aa88a76],
PUP.Optional.NextLive.A, C:\Users\Krystian\AppData\Roaming\newnext.me\cache, Dodano do kwarantanny, [c3db14613f3c2c0ae9535b2a5aa88a76],
PUP.Optional.PirritSuggestor.A, C:\Users\Krystian\AppData\Local\PirritSuggestor, Dodano do kwarantanny, [f3abb4c11269072f143099f1956dc838],

Pliki: 14
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\msvcp100.dll, Dodano do kwarantanny, [693520554b300d29680eb1f7847ec33d],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\msvcr100.dll, Dodano do kwarantanny, [693520554b300d29680eb1f7847ec33d],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\QtCore4.dll, Dodano do kwarantanny, [693520554b300d29680eb1f7847ec33d],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\QtNetwork4.dll, Dodano do kwarantanny, [693520554b300d29680eb1f7847ec33d],
PUP.Optional.PirritSuggestor.A, C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected], Dodano do kwarantanny, [e5b9da9bef8c57dfb7df3c6cc939ae52],
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Dodano do kwarantanny, [8c12f97cb9c2b383cd83a60f837f37c9],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, Dodano do kwarantanny, [f9a57401087360d6b7cbd5afd72b49b7],
PUP.Optional.NextLive.A, C:\Users\Krystian\AppData\Roaming\newnext.me\nengine.cookie, Dodano do kwarantanny, [c3db14613f3c2c0ae9535b2a5aa88a76],
PUP.Optional.NextLive.A, C:\Users\Krystian\AppData\Roaming\newnext.me\cache\spark.bin, Dodano do kwarantanny, [c3db14613f3c2c0ae9535b2a5aa88a76],
PUP.Optional.PirritSuggestor.A, C:\Users\Krystian\AppData\Local\PirritSuggestor\gd.txt, Dodano do kwarantanny, [f3abb4c11269072f143099f1956dc838],
PUP.Optional.PirritSuggestor.A, C:\Users\Krystian\AppData\Local\PirritSuggestor\msvcp100.dll, Dodano do kwarantanny, [f3abb4c11269072f143099f1956dc838],
PUP.Optional.PirritSuggestor.A, C:\Users\Krystian\AppData\Local\PirritSuggestor\msvcr100.dll, Dodano do kwarantanny, [f3abb4c11269072f143099f1956dc838],
PUP.Optional.PirritSuggestor.A, C:\Users\Krystian\AppData\Local\PirritSuggestor\QtCore4.dll, Dodano do kwarantanny, [f3abb4c11269072f143099f1956dc838],
PUP.Optional.PirritSuggestor.A, C:\Users\Krystian\AppData\Local\PirritSuggestor\QtNetwork4.dll, Dodano do kwarantanny, [f3abb4c11269072f143099f1956dc838],

Sektory fizyczne: 0
(No malicious items detected)


(end)

and the 2nd

Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanu: 2014-06-07
Czas skanu: 14:05:57
Raport: 123123123.txt
Administrator: Tak

Wersja: 2.00.2.1012
Baza danych malware: v2014.06.07.02
Baza danych rootkitów: v2014.06.02.01
Licencja: Trial
Ochrona przeciw malware: Włączony
Ochrona przeciw szkodliwymi stronami: Włączony
Self-protection: Wyłączony

System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: Krystian

Typ skanu: Skanowanie w poszukiwaniu zagrożeń
Wynik: Zakończono
Objekty zeskanowane: 268663
Minęło: 12 min, 41 s

Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heuristics: Włączony
PNP: Włączony
PNM: Włączony

Procesy: 0
(No malicious items detected)

Moduły: 0
(No malicious items detected)

Klucze rejestru: 14
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, , [c9d5403580fb0630f93a81f1a260758b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, , [c9d5403580fb0630f93a81f1a260758b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, , [c9d5403580fb0630f93a81f1a260758b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{D34F391D-4CB7-467F-A543-F583857C63B0}, , [940a1d58e19a94a24ee94c2604fefe02],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D34F391D-4CB7-467F-A543-F583857C63B0}, , [940a1d58e19a94a24ee94c2604fefe02],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}, , [940a1d58e19a94a24ee94c2604fefe02],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}, , [831b007549322b0b6dbd462cd82af709],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}, , [98069dd827541422141dc3afbb47ee12],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}, , [019d91e4c9b2fa3cb084cea4679b669a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, , [f0ae7ef7aad163d3a687017117ebef11],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, , [f0ae7ef7aad163d3a687017117ebef11],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33BAF587-9647-4281-A34F-F4830CDC1B9F}, , [6e30d89dd9a26dc98aa43e34ae547987],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, , [6c327df8aad1e155a69077fb699940c0],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, , [6c327df8aad1e155a69077fb699940c0],

Wartości rejestru: 0
(No malicious items detected)

Dane rejestru: 0
(No malicious items detected)

Foldery: 0
(No malicious items detected)

Pliki: 12
PUP.Optional.Somoto, C:\Users\Krystian\AppData\Local\Temp\bitool.dll, , [217dabcabbc0cc6a118a829562a02fd1],
PUP.Optional.Somoto, C:\Users\Krystian\AppData\Local\Temp\nsr2E2A.tmp, , [ced00c69067560d6c25e8d6efa096799],
PUP.Optional.Somoto, C:\Users\Krystian\AppData\Local\Temp\nsr459C.tmp, , [247a4a2b0675082e59c738c3e320837d],
PUP.Optional.Somoto, C:\Users\Krystian\AppData\Local\Temp\nsr678D.tmp, , [9c02ee87d9a2cd69120ea55651b2fa06],
PUP.Optional.Dobreprogramy, C:\Users\Krystian\Downloads\Free-Download-Manager(12555).exe, , [1985cfa66417bf77b5cec1862fd2629e],
PUP.Optional.OpenCandy, C:\Users\Krystian\Downloads\DTLite4481-0347(dobreprogramy.pl).exe, , [554985f006751323c0c89001fe06f60a],
PUP.Optional.OpenCandy, C:\Users\Krystian\Downloads\DTLite4481-0347.exe, , [fda11f56bfbc51e537514a478282c040],
PUP.Optional.OpenCandy, C:\Users\Krystian\Downloads\DTLite4491-0356.exe, , [643a0f660d6eda5c3751dcb5c73da25e],
PUP.Optional.Bundle, C:\Users\Krystian\Downloads\DAEMON-Tools-Lite(12708) (1).exe, , [d0ced4a11e5d90a60fe00e66ff0211ef],
PUP.Optional.Dobreprogramy, C:\Users\Krystian\Downloads\DAEMON-Tools-Lite(12708).exe, , [247a4f26d9a287af344f7dca7a8738c8],
PUP.Optional.InstallCore, C:\Users\Krystian\Downloads\Malwarebytes-AntiMalware(13117).exe, , [019d3d382e4d9c9aabf7471a7f855ba5],
PUP.Optional.NextLive.A, C:\Users\Krystian\AppData\Local\genienext\nengine.dll, , [1b836213ef8c42f4854db89ed72a0ef2],

Sektory fizyczne: 0
(No malicious items detected)


(end)

 

 

Can I use CCleaner?


 

 

 

 

Posted

I couldn't find that Pirrit Suggestor adware.

I don't have any extensions (Opera), I only have AdBlock.

Removal LOG:

 

All processes killed
========== OTL ==========
Process PirritUpdater.exe killed successfully!
Process AutoUpdater.exe killed successfully!
Service PirritUpdater stopped successfully!
Service PirritUpdater deleted successfully!
C:\Program Files (x86)\Pirrit\AutoUpdater.exe moved successfully.
C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected] moved successfully.
C:\Users\Krystian\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected] moved successfully.
========== FILES ==========
C:\Windows\Temp\PirritUpdater.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Krystian
->Temp folder emptied: 711 bytes
->Temporary Internet Files folder emptied: 23036 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2279 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2150091 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06072014_161059

Files\Folders moved on Reboot...
C:\Users\Krystian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Krystian\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

 

I'll paste the log in a moment.

LOG:

 

 

OTL logfile created on: 2014-06-07 16:18:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krystian\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,33% Memory free
8,00 Gb Paging File | 5,39 Gb Available in Paging File | 67,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 196,06 Gb Total Space | 105,18 Gb Free Space | 53,64% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 264,46 Gb Free Space | 90,27% Space Free | Partition Type: NTFS
Drive E: | 442,38 Gb Total Space | 398,79 Gb Free Space | 90,15% Space Free | Partition Type: NTFS
Drive G: | 769,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: GRZESIU | User Name: Krystian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-06-07 15:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krystian\Downloads\OTL.exe
PRC - [2014-06-05 20:35:25 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-06-03 14:31:25 | 046,784,632 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
PRC - [2014-06-03 14:31:25 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014-04-19 08:21:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-04-19 08:21:00 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-07-30 15:13:20 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2010-07-29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-02-03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe


========== Modules (No Company Name) ==========

MOD - [2014-06-03 14:31:25 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
MOD - [2014-06-03 14:31:23 | 000,957,048 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\ffmpegsumo.dll
MOD - [2014-06-03 14:31:23 | 000,877,176 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\libglesv2.dll
MOD - [2014-06-03 14:31:23 | 000,135,800 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.50\libegl.dll
MOD - [2014-05-14 20:51:07 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014-04-08 14:18:32 | 008,889,512 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office15\1033\GrooveIntlResource.dll
MOD - [2014-01-05 17:46:03 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009-09-30 13:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009-03-25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009-03-19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009-03-19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009-01-15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [1998-10-31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014-04-19 08:21:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014-04-19 08:21:00 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-08-10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009-08-10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-05-29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014-05-14 20:51:08 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-02-28 22:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-07-29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014-06-07 16:13:38 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014-05-12 14:13:32 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014-05-12 14:13:32 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014-05-12 14:13:32 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-05-12 14:13:32 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014-05-06 18:06:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014-04-19 08:21:20 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-04-19 08:21:20 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-04-19 08:21:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-04-19 08:21:20 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-04-19 08:21:19 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-04-17 16:04:30 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-04-20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-06-22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010-01-11 12:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009-09-19 06:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009-09-19 06:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009-09-19 06:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009-07-30 19:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=395049983_1052499_383003F5&ts=1384163209&type=default&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Krystian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found


[2014-06-07 16:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014-06-07 16:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystian\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2014-03-03 01:49:30 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: avast! Online Security = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: avast! Online Security = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.93_0\
CHR - Extension: Google Wallet = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\

Hosts file not found
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [WinCalendar V4] d:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe (Sapro Systems)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [WinCalendar V4] d:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe (Sapro Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6333F8E8-BBF6-4C9A-B16E-5FC08E31B264}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-12-13 23:04:47 | 000,000,175 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\configure\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\install\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-06-07 15:10:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-06-07 13:53:38 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-06-07 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-06-07 13:53:20 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-06-07 13:53:20 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-06-07 13:53:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-06-07 13:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-06-05 20:46:05 | 000,000,000 | ---D | C] -- C:\Users\Krystian\AppData\Roaming\WinCalendar
[2014-06-05 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WinCalendarV4
[2014-06-05 20:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sapro Systems WinCalendar V4
[2014-05-25 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Desktop\DODOWI
[2014-05-25 00:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2014-05-24 23:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2014-05-24 23:47:55 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Documents\GTA San Andreas User Files
[2014-05-24 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Krystian\Desktop\MTAMTA
[2014-05-23 21:56:39 | 000,000,000 | -HSD | C] -- C:\Users\Krystian\AppData\Local\EmieUserList
[2014-05-23 21:56:39 | 000,000,000 | -HSD | C] -- C:\Users\Krystian\AppData\Local\EmieSiteList
[2014-05-20 23:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014-05-15 23:11:35 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014-05-15 23:11:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014-05-15 22:50:52 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014-05-15 22:50:51 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014-05-15 22:50:51 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014-05-15 22:50:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014-05-15 22:50:50 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014-05-15 22:50:50 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014-05-15 22:50:49 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014-05-15 22:50:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014-05-15 22:50:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014-05-15 22:50:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014-05-15 22:50:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014-05-15 22:50:48 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014-05-15 22:50:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014-05-15 22:50:48 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014-05-15 22:50:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014-05-15 22:50:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014-05-15 22:50:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014-05-15 22:50:47 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014-05-15 22:50:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014-05-15 22:50:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014-05-15 22:50:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014-05-15 22:50:47 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014-05-15 22:50:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014-05-15 22:42:00 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-15 22:41:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-05-09 18:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2014-05-09 18:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2014-05-09 18:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

========== Files - Modified Within 30 Days ==========

[2014-06-07 16:21:31 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-06-07 16:21:31 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-06-07 16:15:06 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-06-07 16:13:38 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-06-07 16:12:57 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-06-07 16:12:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-06-07 16:12:33 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2014-06-07 15:58:03 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-06-05 20:43:40 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\WinCalendar V4.lnk
[2014-06-03 21:05:33 | 001,670,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-06-03 21:05:33 | 000,740,422 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-06-03 21:05:33 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-06-03 21:05:33 | 000,155,996 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-06-03 21:05:33 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-25 00:04:06 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2014-05-23 21:11:30 | 000,273,240 | ---- | M] () -- C:\Users\Krystian\Desktop\muzyka-polska-1680-1260-6769.jpg
[2014-05-23 21:09:07 | 000,004,073 | ---- | M] () -- C:\Users\Krystian\Desktop\pobrany plik.jpg
[2014-05-21 15:57:14 | 000,449,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-05-20 20:37:15 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014-05-20 20:37:15 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\avast! Premier.lnk
[2014-05-16 18:44:56 | 000,000,482 | RHS- | M] () -- C:\Users\Krystian\ntuser.pol
[2014-05-14 20:51:07 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-05-14 20:51:07 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-05-12 14:13:32 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014-05-12 14:13:32 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014-05-12 14:13:32 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014-05-12 14:13:32 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-05-12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-05-09 08:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-09 08:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2014-06-05 20:43:40 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\WinCalendar V4.lnk
[2014-05-25 00:04:06 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2014-05-23 21:10:11 | 000,273,240 | ---- | C] () -- C:\Users\Krystian\Desktop\muzyka-polska-1680-1260-6769.jpg
[2014-05-23 21:09:10 | 000,004,073 | ---- | C] () -- C:\Users\Krystian\Desktop\pobrany plik.jpg
[2014-04-24 16:53:24 | 000,009,886 | ---- | C] () -- C:\Users\Krystian\AppData\Local\recently-used.xbel
[2014-03-21 19:04:59 | 000,000,482 | RHS- | C] () -- C:\Users\Krystian\ntuser.pol
[2013-12-25 22:43:39 | 000,000,364 | ---- | C] () -- C:\Users\Krystian\SciTE.session
[2013-12-25 22:00:09 | 001,642,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-10-21 20:58:19 | 000,007,598 | ---- | C] () -- C:\Users\Krystian\AppData\Local\Resmon.ResmonCfg
[2013-10-08 15:52:35 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-10-05 20:38:06 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013-10-05 20:38:06 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013-10-05 20:38:03 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013-10-05 20:38:03 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013-10-05 20:32:42 | 000,030,942 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013-10-05 20:32:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013-10-05 20:32:20 | 000,023,167 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2

< End of report >

 

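The O32/O33 entries and the Alternate Data Streams section are the lines a helper reads first in a report like the one above, because they record what Windows would run on media insertion. The script below is an added example, not OTL's own code and not part of this thread: it parses those three line formats and lists every MountPoints2 shell command together with the publisher OTL recorded for the target, the CD-ROM AutoRun policy value, and each ADS with its size. The sample input is copied from the posted report. The flags are facts about the line, not a verdict: my reading of OTL output is that the bracketed file details are appended only when OTL could read the target, so a missing publisher on G:\Autorun.exe most plausibly means the disc was not in the drive at scan time.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: O32/O33 and Alternate Data Stream lines copied from the OTL
# report posted above. The parser is an added example, not OTL's own code.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{6f4a57ff-7c56-11e3-862f-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8c3ad8c3-d537-11e3-90b4-20cf30ab5daf}\Shell\configure\command - "" = G:\setup.exe -- [2012-10-02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
"""

# Line formats as they appear in OTL reports (O32 CD-ROM policy, O33 MountPoints2
# shell commands with optional "[file details] (Publisher)" suffix, ADS entries).
CDROM_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)$")
MP_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = '
    r"(?P<cmd>.+?)(?: -- \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\))?$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)


@dataclass
class AutorunHandler:
    key: str                # MountPoints2 subkey: volume GUID or drive letter
    verb: str               # shell verb (AutoRun, install, configure, ...)
    command: str            # command stored under ...\Shell\<verb>\command
    company: Optional[str]  # publisher OTL read from the target file, if any

    def flags(self) -> List[str]:
        """Facts worth a second look; none of them is a malware verdict."""
        out = []
        if self.company is None:
            # OTL appends "[date | size | attrs] (Publisher)" only when it could
            # read the target; nothing appended usually means the medium was
            # not present at scan time (assumption about OTL behaviour).
            out.append("no file metadata recorded for target")
        drive = self.command[:2].upper()
        if re.fullmatch(r"[A-Z]:", drive) and drive != "C:":
            out.append(f"target on non-system volume {drive}")
        return out


@dataclass
class Triage:
    cdrom_autorun: Optional[int] = None
    handlers: List[AutorunHandler] = field(default_factory=list)
    streams: List[Tuple[str, str, int]] = field(default_factory=list)  # (path, stream, bytes)


def triage_otl(report: str) -> Triage:
    """Pull the autorun-related facts out of an OTL report; other lines are ignored."""
    t = Triage()
    for raw in report.splitlines():
        line = raw.strip()
        if (m := CDROM_RE.match(line)):
            t.cdrom_autorun = int(m["val"])
        elif (m := MP_CMD_RE.match(line)):
            t.handlers.append(AutorunHandler(m["key"], m["verb"], m["cmd"], m["company"]))
        elif (m := ADS_RE.match(line)):
            t.streams.append((m["path"], m["stream"], int(m["size"])))
    return t


def summarize(t: Triage) -> List[str]:
    """One human-readable line per finding, in report order."""
    lines = [f"CDRom AutoRun policy value: {t.cdrom_autorun}"]
    for h in t.handlers:
        flag = "; ".join(h.flags()) or "-"
        lines.append(f"{h.key} [{h.verb}] -> {h.command}  ({h.company or 'no publisher'})  {flag}")
    for path, stream, size in t.streams:
        lines.append(f"ADS {path}:{stream} ({size} bytes)")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(triage_otl(SAMPLE_LOG))))
```

Run it on a full OTL report (`python triage.py < OTL.Txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) and the output is the short list a helper would paste back: on the posted report it shows two MountPoints2 commands with no recorded publisher (G:\Autorun.exe and G:\start.exe), two pointing at a Microsoft-signed G:\setup.exe, and two small ADS entries under C:\ProgramData. Whether anything in that list needs removing is still a judgement for the person writing the fix.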

Posted

There has been an update to GMER; it now works on x64. I'll ask a moderator to change that later :) Don't run GMER for now.

 

@Up. That program won't do much for you anyway. Wait until @rafor4 looks at the thread. I'll write you a fix. What MBAM detected is only adware, which will be removed (either way).

Archived

This topic is now archived. New replies have been disabled.
