Zagrozenia

[SmokeEveryDay]

Siemka, mam prolem

 

Co chwile mi wyskakuje powiadomienie avasta ze w c--->steam wykrywa wirus " Win32;SailCode

 

To nie jest satility wirus? jakas jego odmiana gdzie bede misial pozniej formatowac kompa?

 

30 minut temu wlaczylem laptopa i juz mi wyskoczylo 29 razy powiadominie ze wykryto zagrozenia ale nie w 1 pliku tylko w w 29 roznych plikach exe i dll

 

Nic nie wgrywalem do steam, zadnych chackow tylko po aktualizacji przeinstalowalem steam i tak zostalo\

 

 

Teraz zauwazylem ze w kazdym exe mi to siedzi :/

 

 

Dobra juz wiem ze nie jest to blachostka bo avast kazal mi zrestartowac kompa i po resecie skanuje mi kompa, minela juz godzina

a nawet 1 % nie zrobilo :/

 

Zobaczymy czy obejdzie sie bez formata ;x bo juz mi w cholere przez ta godzine plikow przenioslo do kwarantanny z zagrozeniem win32 sality

[natan1234]

Win32/Sality: (Inne nazwy wirusa : Win32/Sector, Win32/Tanatos!!)

 

 

W logach OTL zobaczymy to :

DRV - File not found [Kernel | On_Demand | Running] - - - - (abp470n5)

DRV - File not found [Kernel | On_Demand | Running] - - - -(dpti930)

DRV - File not found [Kernel | On_Demand | Running] - - - -(dac970nt)

C:\Windows\system32\drivers -- -- (abp470n5)

C:\Windows\system32\drivers\amsint32.sys

 

C:\WINDOWS\system32\drivers\kojkmj.sys -- (MCIDRV_2600_6_0)

Do tego zaszywa się w rejestrze uruchamiając sie wraz ze startem systemu występując pod nazwami:

 

-AIC32P

-WMI_MFC_TPSHOKER_80

-NDISFILESERVICES32

 

Przykład :

HKLM\System\CurrentControlSet\Services\NdisFileServices32. Type = 00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMI_MFC_TPSHOKER_80\Security

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic32p\Security

 

Problemy z pobraniem programu antywirusowego może stwarzać sterownik asc3360pr.

 

Jeśli takie problemy występują należy napisać temat w dziale komputery ,jeśli nie będę odpowiadał to pisz śmiało na pw.

 

 

W Extras:

C:\Windows/explorer.exe'' = C:\Windows\explorer.exe :*:Enabled:ipsec -- (Microsoft Corporation)

 

 

 

Objawy :

-Obecność plików w folderze C:\Windows\system32 wmdrtc32.dl_ oraz wmdrct32.dll

-Gwałtowne spowolnienie pracy komputera (czyli faza zarażania plików z rozszerzeniami .exe i .dll)

-Zmniejszenie ilości wolnego miejsca na dysku.

-Blokada Menedżera zadań oraz edytora rejestru.

-Niektóre programy antywirusowe mogą przestać działać.

-Niemożność uruchomienia systemu w trybie awaryjnym ,ponieważ Sality niszczy i usuwa tryb awaryjny (Klucz SafeBoot)

-Tworzenie się plików tymczasowych z rozszerzeniami .exe w folderze TEMP

Niestety tego typu infekcje trudno usunąć gdyż jej usługa naśladuje usługi systemowe z której ciężko usunąć infekcje .

 

Usuwanie:

 

Najpierw oczywiście wyłączamy przywracanie systemu na wszystkich dyskach.

PPM na Mój komputer --> Właściwości --> Przywracanie systemu -->Wyłącz przywracanie systemu na wszystkich dyskach. (Dotyczy to wszystkich wirusów co poniżej napisałem)

 

Szczepionka :

http://www.softpedia.com/get/Antivirus/SalityKiller.shtml

 

Skaner :

http://www.bitdefender.com/scanner/online/free.html

[SmokeEveryDay]

Dzieki za tuta

 

Lecz narazie jak pisalem avast mi skanuje calego kompa, minela ponad godzina i dopiero 4% zeskanowalo

 

A co chwile wyskakuje mi sciezka pliku nazwa wirusa czyli win32 sality lub saliCode i przenosi do kwarantanny

 

Sprobuje po tym saknowaniu zrobic to

 

Bo teraz raczej nie przerwe go

[natan1234]

avastem gówno zrobisz

masz tam specjalny program do usuwania tego a nie avastem jakiś ;0

[SmokeEveryDay]

Gdyby avast gowno zrobil to by nie skanowal mi kompa

 

Wiekszosc plikow zostala usunieta ale czesc tez zostala uratowano

 

Jak narazie avast nic nie wykrywa

 

Wiec piszesz, ze gowno daje a jednak pomoglo

 

Ale dla pewnosci i tak zastosuje sie do tego co dales

[Gość]

Wolno się skanuje bo wirus zaraża cały czas reszte plików lub masz wolny dysk.

Zależy ile miałeś wirusa w kompie bo jak długo to i tak już pewnie pół komputera zaraził a avast usunął bo był wirus.

 

Ja to bym i tak jeb... formata jak ci pousuwało pliki.

 

Jak ten wirus ci wszedł ? Musiałeś wyłączyć na chwilę avasta, np żeby uruchomić hacki Bo tak to nie ma opcji.

 

PS. Też mam avasta i miałem tylko raz jakiegoś wirusa, ale wyłączyłem avasta żeby uruchomić zwirusowane hacki z mpcforum i dlatego.

[Fr3shMak3r]

Po skanowaniu Avastem powodzenia w odpaleniu systemu.

Ty te pliki masz leczyc a nie usuwac.

Poza tym daj loga OTL po usuwaniu bo watpie ze Avast cos tu zadzialal .

[SmokeEveryDay]

Wolno się skanuje bo wirus zaraża cały czas reszte plików lub masz wolny dysk.

Zależy ile miałeś wirusa w kompie bo jak długo to i tak już pewnie pół komputera zaraził a avast usunął bo był wirus.

 

Ja to bym i tak jeb... formata jak ci pousuwało pliki.

 

Jak ten wirus ci wszedł ? Musiałeś wyłączyć na chwilę avasta, np żeby uruchomić hacki Bo tak to nie ma opcji.

 

PS. Też mam avasta i miałem tylko raz jakiegoś wirusa, ale wyłączyłem avasta żeby uruchomić zwirusowane hacki z mpcforum i dlatego.

 

Tia, sciagnalem gownianego hacka z mpc i mi zarazilo a musialem wylaczyc zeby dzialalo

 

 

 

@UP Normalnie laptopa odpalilem

 

A te pliki exe usuwalo z dysku D na ktorym nie mam systemu a z dysku C wszystko poszlo do kwarantanny

 

Te pliki z D zostaly usuwane bo juz nie bylo miejsca w kwarantannie ;x

 

Zaraz podam logi

 

OTL

 

 

zyOTL logfile created on: 2/26/2013 4:51:40 PM - Run 4

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.55% Memory free

7.83 Gb Paging File | 6.12 Gb Available in Paging File | 78.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 100.00 Gb Total Space | 61.84 Gb Free Space | 61.83% Space Free | Partition Type: NTFS

Drive D: | 177.46 Gb Total Space | 51.04 Gb Free Space | 28.76% Space Free | Partition Type: NTFS

 

Computer Name: DOM-KOMPUTER | User Name: Dom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/02/26 16:49:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Downloads\OTL.exe

PRC - [2013/02/20 11:19:52 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012/12/12 19:43:30 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/02/23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/11 21:52:00 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SpeedyDrive\mounter.exe

PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/03 20:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2010/11/03 20:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2010/11/03 19:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2010/11/03 19:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2010/09/30 02:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/02/20 11:19:51 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/12/12 19:43:28 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/02/20 11:19:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012/12/12 19:43:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/18 08:44:21 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)

SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2012/05/15 20:54:13 | 004,295,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2012/04/13 09:17:10 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012/02/11 21:52:00 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SpeedyDrive\mounter.exe -- (DokanMounter)

SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/03 20:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2010/11/03 20:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2010/11/03 19:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2012/03/29 14:55:26 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{44E64640-79DC-4EDB-A142-148282A6B88D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 23570767

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes,DefaultScope = ${searchCLSID}

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 147.102.16.69:3128

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "WebSearch"

FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: "http://websearch.good-results.info/?pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL&l=1&q="

FF - prefs.js..browser.search.order.1: "WebSearch"

FF - prefs.js..browser.search.order.1,S: S", "WebSearch"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"

FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"

FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0

FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0

FF - prefs.js..keyword.URL: "http://websearch.good-results.info/?pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL&l=1&q="

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "WebSearch"

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "WebSearch"

FF - prefs.js..browser.startup.homepage: "http://websearch.good-results.info/?pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/04 10:15:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/05 02:36:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/20 11:19:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/20 11:19:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/20 11:19:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/20 11:19:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Dom\AppData\Roaming\IDM\idmmzcc3

 

[2013/01/02 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\Extensions

[2013/02/05 22:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\xmwk5cuo.default\Extensions

[2013/02/05 22:02:41 | 000,005,642 | ---- | M] () (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\Extensions\[email protected]

[2013/01/27 12:13:36 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\Extensions\[email protected]

[2013/01/15 22:03:42 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2013/01/14 16:14:25 | 000,003,915 | ---- | M] () -- C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\searchplugins\sweetim.xml

[2013/02/05 22:05:07 | 000,000,627 | ---- | M] () -- C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\searchplugins\WebSearch.xml

[2013/02/20 11:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/02/20 11:19:52 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/02/20 11:19:50 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

[2013/02/20 11:19:50 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

[2013/02/20 11:19:50 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

[2013/02/20 11:19:50 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

[2013/02/20 11:19:50 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

[2013/02/20 11:19:50 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

 

========== Chrome ==========

 

CHR - homepage: http://websearch.good-results.info/?pid=499&r=2013/02/05&hid=2600302731&lg=EN&cc=PL

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\.bak

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdphihkopbepogaialenmgoacnpmffo\1.1_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcijdkkommbhnpohidhdpkhendgcpamf\0.4_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoalkffommhmdmbohjphohoejjmgepc\1.0_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.18.20_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcdplgchgghnahkmoeibomjpbikclka\2.0_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\.bak

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdphihkopbepogaialenmgoacnpmffo\1.1_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcijdkkommbhnpohidhdpkhendgcpamf\0.4_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoalkffommhmdmbohjphohoejjmgepc\1.0_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.18.20_0\

CHR - Extension: No name found = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcdplgchgghnahkmoeibomjpbikclka\2.0_0\

 

O1 HOSTS File: ([2013/02/01 18:58:49 | 000,000,836 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 update.silverangel.org

O1 - Hosts: 178.255.46.207 derox.pl

O1 - Hosts: 203.150.231.222 xtrap.cabalonline.com.br

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Dom\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe (Trend Media Corporation Limited)

O4 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000..\Run: [GG] "C:\Users\Dom\AppData\Local\GG\Application\gghub.exe" File not found

O4 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()

O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()

O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.10.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2848B855-D0DD-43E7-BD1E-895ADA4300FF}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{ab24e615-ccbe-11e1-b9c4-5c9ad85e122e}\Shell - "" = AutoRun

O33 - MountPoints2\{ab24e615-ccbe-11e1-b9c4-5c9ad85e122e}\Shell\AutoRun\command - "" = F:\AidemMediaSplash.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 60 Days ==========

 

[2013/02/22 11:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3

[2013/02/22 11:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All

[2013/02/22 10:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games

[2013/02/20 11:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/02/18 23:30:41 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander

[2013/02/18 23:30:40 | 000,000,000 | ---D | C] -- C:\totalcmd

[2013/02/16 22:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLTooLz

[2013/02/16 22:10:47 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe

[2013/02/16 22:10:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE

[2013/02/16 14:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [PL] SznaJK3r

[2013/02/16 14:28:32 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [PL] SznaJK3r

[2013/02/15 19:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2013/02/15 15:34:32 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2013/02/15 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2013/02/15 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2013/02/14 22:47:27 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ElevatedDiagnostics

[2013/02/14 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

[2013/02/14 16:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

[2013/02/11 03:41:18 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter 9.0

[2013/02/11 03:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter 9.0

[2013/02/11 03:41:14 | 000,000,000 | ---D | C] -- C:\Windows\WinAVI Video Converter 9.0

[2013/02/11 03:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI Video Converter 9.0

[2013/02/11 03:36:50 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\WinAVI

[2013/02/11 03:36:50 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\WinAVI

[2013/02/09 14:38:21 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speedy Drive

[2013/02/06 11:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft

[2013/02/06 11:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft

[2013/02/06 01:38:20 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows

[2013/02/05 22:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RightClick

[2013/02/05 22:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch

[2013/02/05 22:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave

[2013/02/05 22:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2013/02/05 02:15:09 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Balmora.pl

[2013/02/02 15:31:54 | 000,005,120 | ---- | C] (myN) -- C:\Users\Dom\AppData\Roaming\patcher02.patUpdater.exe

[2013/01/30 07:13:31 | 000,315,904 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

[2013/01/23 17:21:03 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Opera

[2013/01/23 17:21:03 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Opera

[2013/01/23 17:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2013/01/21 22:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsCabal Online

[2013/01/19 17:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adiksa Cabal Online

[2013/01/18 13:54:36 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cabal Baguio Gaming Network

[2013/01/17 16:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear

[2013/01/16 17:10:09 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\O&O

[2013/01/16 17:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software

[2013/01/14 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2

[2013/01/14 16:15:44 | 000,000,000 | ---D | C] -- C:\Users\Dom\Tracing

[2013/01/14 16:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2013/01/14 16:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys

[2013/01/13 00:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/01/13 00:34:16 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/01/13 00:34:02 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/13 00:34:02 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/13 00:34:02 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/12 02:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro

[2013/01/08 17:12:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2013/01/08 17:12:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2013/01/08 17:12:19 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2013/01/08 17:12:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2013/01/08 17:12:16 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2013/01/08 17:12:15 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2013/01/08 17:12:14 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2013/01/08 17:12:13 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2013/01/08 17:12:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll

[2013/01/08 17:12:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll

[2013/01/08 17:12:11 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll

[2013/01/08 17:12:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll

[2013/01/08 17:12:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll

[2013/01/08 17:12:07 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll

[2013/01/08 17:12:05 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll

[2013/01/08 17:12:04 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll

[2013/01/08 17:12:02 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll

[2013/01/08 17:11:57 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll

[2013/01/08 17:11:56 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll

[2013/01/08 17:11:55 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll

[2013/01/08 17:11:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll

[2013/01/08 17:11:53 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2013/01/08 17:11:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2013/01/08 17:11:49 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll

[2013/01/08 17:11:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll

[2013/01/08 17:11:48 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll

[2013/01/08 17:11:48 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll

[2013/01/08 17:11:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll

[2013/01/08 17:11:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll

[2013/01/08 17:11:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll

[2013/01/08 17:11:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2013/01/08 17:11:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2013/01/08 17:11:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2013/01/08 17:11:41 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll

[2013/01/08 17:11:41 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll

[2013/01/08 17:11:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll

[2013/01/08 17:11:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll

[2013/01/08 17:11:38 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll

[2013/01/08 17:11:38 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll

[2013/01/08 17:11:36 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll

[2013/01/08 10:06:06 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Podatnik.info

[2013/01/08 09:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Program PIT 2012-2013

[2013/01/08 09:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Podatnik.info Sp z

[2013/01/05 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Wise Disk Cleaner

[2013/01/05 14:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner

[2013/01/05 14:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise

[2013/01/05 02:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013/01/05 02:36:44 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2013/01/05 02:36:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/01/05 01:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SerenityGamerZ

[2013/01/05 01:44:12 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Avg2013

[2013/01/05 00:32:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\SendSpace

[2013/01/05 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro

[2013/01/02 18:42:57 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Mozilla

[2013/01/02 18:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2013/01/02 18:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2013/01/02 18:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2013/01/02 10:50:14 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Raiderz

[2012/12/31 14:22:54 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\ObviousIdea

[2012/12/31 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ObviousIdea

[2012/12/30 23:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2012/12/30 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\MFAData

[2012/12/30 23:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/12/30 21:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2012/12/30 18:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Skype

[2012/12/30 18:08:32 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/12/30 18:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/12/30 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/12/30 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files - Modified Within 60 Days ==========

 

[2013/02/26 16:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/25 21:44:28 | 000,301,016 | ---- | M] () -- C:\Users\Dom\Desktop\312.jpg

[2013/02/18 23:30:42 | 000,000,652 | ---- | M] () -- C:\Users\Dom\Desktop\Total Commander 64 bit.lnk

[2013/02/16 22:10:47 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe

[2013/02/16 22:10:46 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE

[2013/02/14 16:31:35 | 009,143,546 | ---- | M] () -- C:\Users\Dom\Desktop\Moria 2013-02-14 16-27-46-56.AVI

[2013/02/10 10:55:25 | 000,000,463 | ---- | M] () -- C:\Users\Dom\SciTE.session

[2013/02/10 10:55:24 | 000,003,338 | ---- | M] () -- C:\Users\Dom\Desktop\boteknkkk.au3

[2013/02/06 01:55:46 | 000,000,600 | ---- | M] () -- C:\Users\Dom\AppData\Local\PUTTY.RND

[2013/02/05 00:00:31 | 000,226,645 | ---- | M] () -- C:\Users\Dom\Desktop\Bez tytułu123d.jpg

[2013/02/02 15:31:54 | 000,005,120 | ---- | M] (myN) -- C:\Users\Dom\AppData\Roaming\patcher02.patUpdater.exe

[2013/01/29 08:37:54 | 000,811,739 | ---- | M] () -- C:\Users\Dom\Desktop\fish bot.exe

[2013/01/15 10:41:56 | 000,004,608 | ---- | M] () -- C:\Windows\ws2help.dll

[2013/01/15 10:41:56 | 000,000,012 | ---- | M] () -- C:\Windows\explorer.exe.local

[2013/01/13 00:33:55 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/13 00:33:50 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/01/13 00:33:50 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/13 00:33:49 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/13 00:33:47 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013/01/13 00:33:47 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/01/06 17:55:10 | 000,377,600 | ---- | M] () -- C:\Users\Dom\Desktop\haha.jpg

[2013/01/05 14:54:52 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk

[2013/01/05 02:37:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/02/25 21:44:28 | 000,301,016 | ---- | C] () -- C:\Users\Dom\Desktop\312.jpg

[2013/02/18 23:30:42 | 000,000,652 | ---- | C] () -- C:\Users\Dom\Desktop\Total Commander 64 bit.lnk

[2013/02/17 21:33:07 | 000,001,140 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk

[2013/02/14 16:31:23 | 009,143,546 | ---- | C] () -- C:\Users\Dom\Desktop\Moria 2013-02-14 16-27-46-56.AVI

[2013/02/10 10:55:24 | 000,003,338 | ---- | C] () -- C:\Users\Dom\Desktop\boteknkkk.au3

[2013/02/05 00:00:31 | 000,226,645 | ---- | C] () -- C:\Users\Dom\Desktop\Bez tytułu123d.jpg

[2013/01/29 08:37:54 | 000,811,739 | ---- | C] () -- C:\Users\Dom\Desktop\fish bot.exe

[2013/01/15 10:41:56 | 000,004,608 | ---- | C] () -- C:\Windows\ws2help.dll

[2013/01/15 10:41:56 | 000,000,012 | ---- | C] () -- C:\Windows\explorer.exe.local

[2013/01/06 17:55:10 | 000,377,600 | ---- | C] () -- C:\Users\Dom\Desktop\haha.jpg

[2013/01/05 14:54:52 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk

[2013/01/02 18:42:49 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/12/30 13:51:28 | 001,056,768 | ---- | C] () -- C:\Windows\SysWow64\libmysql41.dll

[2012/12/30 13:51:28 | 000,280,576 | ---- | C] () -- C:\Windows\SysWow64\libmysql320.dll

[2012/12/30 13:51:28 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\libmysql40.dll

[2012/12/30 13:51:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmysql323.dll

[2012/12/18 14:14:07 | 000,000,380 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat

[2012/12/18 13:49:54 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI

[2012/11/30 14:23:36 | 000,000,061 | ---- | C] () -- C:\Users\Dom\SciTEUser.properties

[2012/11/29 17:57:56 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll

[2012/11/20 16:13:30 | 048,179,170 | ---- | C] () -- C:\Users\Dom\game

[2012/11/07 02:40:22 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/11/07 02:40:16 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/10/10 09:17:24 | 000,000,463 | ---- | C] () -- C:\Users\Dom\SciTE.session

[2012/08/21 17:50:54 | 000,000,600 | ---- | C] () -- C:\Users\Dom\AppData\Local\PUTTY.RND

[2012/08/20 18:46:36 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2012/08/10 10:35:27 | 000,001,638 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2012/05/31 22:56:03 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

[2012/05/31 22:56:02 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe

[2012/05/31 22:56:02 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2012/02/17 16:14:06 | 000,000,038 | ---- | C] () -- C:\Users\Dom\abbrev.properties

[2012/02/17 15:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Dom\au3.keywords.user.abbreviations.properties

[2012/02/14 21:52:12 | 000,000,027 | ---- | C] () -- C:\Users\Dom\au3UserAbbrev.properties

[2012/02/11 21:52:00 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll

[2011/05/12 08:11:47 | 001,640,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/02 01:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/05/02 01:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/05/02 01:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011/05/02 01:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/05/02 01:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2010/03/27 16:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Dom\au3abbrev.properties

[2010/01/02 22:16:12 | 000,000,111 | ---- | C] () -- C:\Users\Dom\au3.UserUdfs.properties

[2010/01/02 22:15:50 | 000,000,000 | ---- | C] () -- C:\Users\Dom\au3.user.calltips.api

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu

[2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu

[2012/11/18 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Aidem Media

[2013/02/05 02:15:09 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Balmora.pl

[2012/11/08 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Bioshock

[2013/02/26 16:37:51 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BITS

[2012/11/30 19:45:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\CoreFTP

[2012/07/13 09:05:38 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DAEMON Tools Lite

[2012/11/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DMCache

[2012/08/24 12:58:05 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ESET

[2012/10/15 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FarmHelper

[2013/02/06 02:24:05 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FileZilla

[2012/12/19 10:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashGet

[2012/12/18 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashGetBHO

[2012/12/18 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashgetSetup

[2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fujitsu

[2012/06/04 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fujitsu Launch Center

[2012/08/11 09:57:55 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Gadu-Gadu

[2012/08/11 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10

[2013/02/25 21:44:32 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\GG

[2012/11/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\GHISLER

[2012/11/07 02:35:25 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Leadertech

[2012/10/23 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\marcinc

[2012/09/17 18:19:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mp3DirectCut

[2012/09/16 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Need for Speed World

[2012/11/14 09:47:33 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Nokia

[2012/06/27 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Notepad++

[2013/01/05 01:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ObviousIdea

[2013/02/05 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Opera

[2012/11/14 09:44:48 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\PC Suite

[2013/01/08 10:06:06 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Podatnik.info

[2012/08/14 05:53:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\RegistryKeys

[2012/08/27 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\runic games

[2013/01/05 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SendSpace

[2012/10/15 10:51:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SFBot

[2013/02/11 04:02:57 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SoftGrid Client

[2013/02/14 17:46:32 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TeamViewer

[2012/06/04 10:31:26 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TP

[2013/02/14 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TS3Client

[2013/01/16 16:40:20 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TuneUp Software

[2013/02/22 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\uTorrent

[2013/02/11 03:36:50 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\WinAVI

[2012/07/21 14:42:35 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Windows Live Writer

[2013/02/26 13:40:31 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Wise Disk Cleaner

[2012/10/11 11:05:15 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\WNR

 

========== Purity Check ==========

 

 

 

========== Files - Unicode (All) ==========

[2012/10/23 06:12:52 | 000,000,000 | ---D | M](C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ

[2012/10/23 06:12:52 | 000,000,000 | ---D | M](C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ

(C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF

 

< End of report >

 

 

 

 

Extras

 

 

OTL Extras logfile created on: 2/26/2013 4:51:40 PM - Run 4

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.55% Memory free

7.83 Gb Paging File | 6.12 Gb Available in Paging File | 78.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 100.00 Gb Total Space | 61.84 Gb Free Space | 61.83% Space Free | Partition Type: NTFS

Drive D: | 177.46 Gb Total Space | 51.04 Gb Free Space | 28.76% Space Free | Partition Type: NTFS

 

Computer Name: DOM-KOMPUTER | User Name: Dom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [compress] -- C:\Program Files (x86)\KGB Archiver\kgb_arch_compress.exe "%1\"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UacDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D3C7444-1C69-4E59-916B-3BB637F4E1A1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{1FDBB5DE-77A4-4BA7-BC1D-F516C4149DB1}" = lport=445 | protocol=6 | dir=in | app=system |

"{5A2ABC3B-B983-4F2F-858B-4F9EEF7507B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5ABD13BD-EBB8-4544-AA23-8E1E4C19F8F7}" = rport=139 | protocol=6 | dir=out | app=system |

"{651DA4E3-D290-42D8-9ECF-B1483DB6A527}" = lport=137 | protocol=17 | dir=in | app=system |

"{76660C80-5B13-428B-A251-1F9A49B4ABD1}" = rport=445 | protocol=6 | dir=out | app=system |

"{A049EC57-EBE1-47F6-88A2-82989EDBB2AE}" = rport=137 | protocol=17 | dir=out | app=system |

"{C3642F39-5605-4E86-A500-DE31032DF621}" = lport=138 | protocol=17 | dir=in | app=system |

"{C5E8D838-E07E-48EB-A5F9-147C047555DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{C789ABC1-1764-4ACA-ADAB-251C5AA9AC1D}" = lport=139 | protocol=6 | dir=in | app=system |

"{CC4F8A4B-119A-4038-B22E-6130FBF55D3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E92427A7-1A1E-4439-AE68-5A9408CEB32B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FE217E2B-0876-4358-998C-B2EDA8CF1E6F}" = rport=138 | protocol=17 | dir=out | app=system |

"{FFF96442-F3C4-4DC5-9906-6EDA5BA31E71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09C6EE5F-EDAA-4ABE-82DE-05837D1B453E}" = dir=in | app=d:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013game.exe |

"{211EAFB2-EB65-4860-B6E0-DC31DCE59CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |

"{23F3D283-E018-4E75-8702-A5DD036366D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{279C1B9B-FF3E-49B3-9542-B01886B8CB11}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{2A10074F-3710-4183-A8FC-F7762712BF77}" = protocol=58 | dir=in | app=system |

"{2A480A95-A5B1-48D6-809C-CD5F840BAB96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{2C9426FE-8493-4A8C-81A1-959C92C6F68D}" = dir=out | app=d:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |

"{331BA8FD-73E9-4BD3-A7A9-D95235CA706D}" = dir=in | app=d:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013.exe |

"{3422F8DD-4E43-4DB7-BC2F-7F68F07CB55B}" = protocol=1 | dir=out | [email protected],-28544 |

"{352961E2-0D49-4035-BBE4-2C68EF87222E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{46118E91-CA5C-4C4B-9C90-25568709DA87}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"{4961BCB2-05E4-4F8B-B1FA-40A696A0BD4B}" = protocol=17 | dir=in | app=c:\program files (x86)\intel\bluetooth\btplayerctrl.exe |

"{4D75CF5D-FCFF-4DE9-8824-C123915B1626}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{501FBF96-934B-4A3F-A5B1-EF047D6123C9}" = protocol=1 | dir=in | [email protected],-28543 |

"{561C7042-B983-4C4C-8A38-89134AF2AC00}" = protocol=58 | dir=out | [email protected],-503 |

"{5DE069FD-E1F6-442F-8E53-AEC747AAB76E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{70761430-1803-405C-8512-C334210A0FDA}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{79B919AC-1015-4621-A074-582B23E57719}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{7F15B47E-5BF9-491A-9201-196133556063}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{8477319C-D875-492E-9FAE-0783793AB7E9}" = protocol=6 | dir=in | app=c:\users\dom\appdata\local\temp\lrjt.exe |

"{8B819D2E-B15B-4413-9738-0A8AA4212B48}" = protocol=17 | dir=in | app=c:\program files (x86)\fujitsu\fujitsu hotkey utility\indicatoruty.exe |

"{8D838E4A-48B5-4087-A4F4-B600F347EC11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{90F52B9F-782D-4239-9103-25F0AC00D585}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |

"{9791E3C3-06B2-46D5-A7CD-47D3E0C35386}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{A2172B98-371B-4C52-AFB1-B809FA2E6543}" = protocol=6 | dir=in | app=c:\program files (x86)\intel\bluetooth\btplayerctrl.exe |

"{AD576577-7128-4F84-A1CF-E69DFFD4E14E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{AEE916E4-8268-4C87-BD7F-9DD8FAC28BF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{B1367F91-6C8E-418C-BF42-5984073A9DED}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{B555DCAB-AE9D-4636-821C-9276F2DB8D36}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"{BD63C74E-9369-4F4C-8B84-C9E8C45AC147}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |

"{C0256098-1AB9-4DE1-95B7-BE7F55A97129}" = protocol=6 | dir=in | app=c:\users\dom\downloads\sky bootzer(1)\sky bootzer\sampfp.exe |

"{C5021A31-A095-4C4B-BB26-3692F9DBC3A8}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |

"{CB0AA7EE-3415-4B72-A650-D5E5908944AB}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |

"{D01BAFF6-C002-42A5-B7AA-154264ED81FD}" = protocol=58 | dir=out | [email protected],-28546 |

"{D8562C07-14F5-45BC-BC97-32874CFCC925}" = protocol=17 | dir=in | app=c:\users\dom\downloads\sky bootzer(1)\sky bootzer\sampfp.exe |

"{E7A6AAA3-FC6B-416C-B277-6838D5733A2E}" = protocol=17 | dir=in | app=c:\users\dom\appdata\local\temp\lrjt.exe |

"{ED8F54DF-A653-4BD1-984D-74C19E964477}" = protocol=6 | dir=in | app=c:\program files (x86)\fujitsu\fujitsu hotkey utility\indicatoruty.exe |

"{FB5A1E4D-C6C5-4B26-AA8D-43B0AFB4948D}" = protocol=58 | dir=in | [email protected],-28545 |

"TCP Query User{0518DDFB-2FB0-4039-AD2C-FC0943CB5136}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |

"TCP Query User{238E77E6-ADBB-4EA3-A813-7ACB2A4B298E}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |

"TCP Query User{4B946133-E03C-4BFB-94F3-D0363FB8E152}C:\users\dom\downloads\sky bootzer(1)\sky bootzer\sampfp.exe" = protocol=6 | dir=in | app=c:\users\dom\downloads\sky bootzer(1)\sky bootzer\sampfp.exe |

"TCP Query User{5971BC82-8C99-48E3-90FA-D3B77602D6B3}D:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin" = protocol=6 | dir=in | app=d:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin |

"TCP Query User{6B341D32-27F3-4410-A00B-4B9A836FA085}C:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe |

"TCP Query User{81CED8D0-9CDE-4BDD-A416-A1EB4F7D1371}C:\Program Files (x86)\Fujitsu\fujitsu hotkey utility\indicatoruty.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fujitsu\fujitsu hotkey utility\indicatoruty.exe |

"TCP Query User{98514C33-E4E1-4E08-8547-A5A56AE34C5E}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |

"TCP Query User{C74A60AC-E972-4ECA-8997-0990FE9D80F4}C:\Program Files (x86)\Intel\bluetooth\btplayerctrl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\bluetooth\btplayerctrl.exe |

"TCP Query User{F4F2E3FA-8752-4BC3-92F3-4B5E6E6F09D1}C:\users\dom\appdata\local\temp\lrjt.exe" = protocol=6 | dir=in | app=c:\users\dom\appdata\local\temp\lrjt.exe |

"TCP Query User{F94F9732-DD74-4FC3-BC12-84CDAB107C2F}C:\users\dom\appdata\local\gg\application\gghub.exe" = protocol=6 | dir=in | app=c:\users\dom\appdata\local\gg\application\gghub.exe |

"UDP Query User{15658E78-0492-4C71-9DB5-8ECA9BFE3D9A}D:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin" = protocol=17 | dir=in | app=d:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin |

"UDP Query User{1A1AF71B-B5BE-4003-8068-B23E03D5668A}C:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe |

"UDP Query User{4DAD4078-526C-43CD-B5A4-7BE65DEAC241}C:\users\dom\appdata\local\gg\application\gghub.exe" = protocol=17 | dir=in | app=c:\users\dom\appdata\local\gg\application\gghub.exe |

"UDP Query User{5E5DA706-B60D-406F-B093-8AB23DB93E0D}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |

"UDP Query User{6A9FF406-086D-495D-BDD6-452659A3B94B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |

"UDP Query User{6E0A8416-047C-4FC0-B4EE-EF224359DEEA}C:\users\dom\appdata\local\temp\lrjt.exe" = protocol=17 | dir=in | app=c:\users\dom\appdata\local\temp\lrjt.exe |

"UDP Query User{A28D88C9-0A28-4700-BD1C-FFA082F808D3}C:\Program Files (x86)\Intel\bluetooth\btplayerctrl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\bluetooth\btplayerctrl.exe |

"UDP Query User{C2E4732A-2B69-45C9-BD90-B296222A3091}C:\Program Files (x86)\Fujitsu\fujitsu hotkey utility\indicatoruty.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fujitsu\fujitsu hotkey utility\indicatoruty.exe |

"UDP Query User{CA90A433-A4FD-4970-8ADD-699B99A5D3BB}C:\users\dom\downloads\sky bootzer(1)\sky bootzer\sampfp.exe" = protocol=17 | dir=in | app=c:\users\dom\downloads\sky bootzer(1)\sky bootzer\sampfp.exe |

"UDP Query User{CACC6D91-0A33-4F70-BBBF-533F704955F2}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{37993A79-5D36-4227-B8E8-9BDE95B2CE45}" = Bolek i Lolek - Alfabet i nauka czytania

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live

"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution

"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials

"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live

"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources

"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish

"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení

"{BE739BC7-030F-4CAA-A6F9-EA59405B7E32}" = Program PIT 2012-2013

"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh

"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia

"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility

"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker

"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail

"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker

"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ALLPlayer_is1" = ALLPlayer V4.X

"ASCII Art Generator_is1" = ASCII Art Generator 3.2.2

"AutoItv3" = AutoIt v3.3.8.1

"avast" = avast! Free Antivirus

"DAEMON Tools Lite" = DAEMON Tools Lite

"DeskUpdate_is1" = DeskUpdate 4.11

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FlashGet3.7" = FlashGet3.7

"Fraps" = Fraps (remove only)

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager

"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel

"InstallShield_{AFFC0877-D62C-4A7D-A11F-1E73B5800D13}" = Bioshock

"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility

"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility

"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility

"KGB Archiver_is1" = KGB Archiver 1.2.1.24

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4

"Mozilla Firefox 19.0 (x86 pl)" = Mozilla Firefox 19.0 (x86 pl)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010

"PremiumSoft Navicat for MySQL_is1" = PremiumSoft Navicat 10.1 for MySQL

"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2

"RealPlayer 15.0" = RealPlayer

"SciTE4AutoIt3" = SciTE4AutoIt3 6/10/2012

"SP_4e24eecb" = Search Assistant WebSearch 1.74

"SpeedyDrive" = Speedy Drive (remove only)

"SubEdit-Player_is1" = SubEdit-Player

"TeamViewer 8" = TeamViewer 8

"TuneUp Utilities 2012_is1" = TuneUp Utilities 2012 wersja 12.0.3500.29

"uTorrent" = µTorrent

"Winamp" = Winamp

"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.11 (32-bitowy)

"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.73

"Worms Armageddon Patch" = Worms Armageddon Patch

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DDFinal" = DDFinal

"GG" = GG

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 1/28/2013 10:04:21 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

Error - 1/29/2013 1:57:38 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

Error - 1/29/2013 5:05:37 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

Error - 1/29/2013 5:16:11 PM | Computer Name = Dom-Komputer | Source = CVHSVC | ID = 100

Description = Tylko informacje. (Patch task for {90140011-0066-0415-0000-0000000FF1CE}):

DownloadLatest Failed:

 

Error - 1/30/2013 1:17:10 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

Error - 1/30/2013 2:18:26 AM | Computer Name = Dom-Komputer | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: wa.exe, wersja: 3.0.0.0, sygnatura

czasowa: 0x3d5bbcf6 Nazwa modułu powodującego błąd: wa.exe, wersja: 3.0.0.0, sygnatura

czasowa: 0x3d5bbcf6 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00081982 Identyfikator

procesu powodującego błąd: 0x190c Godzina uruchomienia aplikacji powodującej błąd:

0x01cdfeb1687a222f Ścieżka aplikacji powodującej błąd: D:\Program Files (x86)\Worms

Armagedon\wa.exe Ścieżka modułu powodującego błąd: D:\Program Files (x86)\Worms

Armagedon\wa.exe Identyfikator raportu: dac7a52f-6aa4-11e2-bbe5-4c809354acd0

 

Error - 1/30/2013 3:16:22 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

Error - 1/31/2013 5:58:53 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

Error - 1/31/2013 11:06:35 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

Error - 1/31/2013 11:11:02 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10

Description =

 

[ System Events ]

Error - 2/26/2013 11:56:31 AM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 11:57:01 AM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 11:57:31 AM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 11:58:01 AM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 11:58:31 AM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 11:59:01 AM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 11:59:31 AM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 12:00:01 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 12:00:31 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

Error - 2/26/2013 12:01:01 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023

Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

następujący błąd: %%126

 

 

< End of report >

 

 

 

[Fr3shMak3r]

Avast sobie poradzil z Sality pewnie tylko dlatego ze masz system 64bit a ta infekcja zaraza tylko 32bitowe pliki .

W logach nie widze juz Sality .

[SmokeEveryDay]

No tak mam 64 bitowa siodemke

 

A to ze zaraza tylko 32 to nie wiedzialem, dlatego laptop odpalil po czyszczeniu

 

No i pousuwalo mi takie programy/gry jak rar, gta SA, CS 1.6 itp itd

 

 

A pisales ze avast sobie nie poradzi z tym, a jednak

[Fr3shMak3r]

No wiesz w przypadku 32bitowego systemu to Avast by ci byc moze nie odpalil .

[SmokeEveryDay]

Nie odpalil by bo by mi exe zavirusowalo

 

Dobra dzieki za sprawdzenie logow