Logs, securing the computer and data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Each topic title should reflect the content of the thread.
2. When posting logs, generate them right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in the post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not attach your problem to other users' threads; please start a new topic in the Security section, which makes it easier for the person reviewing to help.
6. People without the appropriate knowledge should not review logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely, including the symptoms that occur and any actions already taken.
8. Every script is unique, written individually for each case, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

Virus sending messages on Facebook and Skype

22 Apr 2013, 20:04

Hi, I have a problem: a lot of "virus-like" processes appear in Task Manager, which I think are sending messages on Facebook about some photo.
OTL log:
Code:
OTL logfile created on: 2013-04-22 19:59:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\1\Documents
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1,87 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 59,48% Memory free
4,80 Gb Paging File | 3,78 Gb Available in Paging File | 78,69% Paging File free
Paging file location(s): a:\pagefile.sys 2600 2700c:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,94 Gb Total Space | 79,57 Gb Free Space | 56,45% Space Free | Partition Type: NTFS
 
Computer Name: 1-KOMPUTER | User Name: 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-04-22 19:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1\Documents\OTL.exe
PRC - [2013-04-06 12:40:38 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-03-13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-02-27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-02-26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-02-19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-02-19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013-02-18 20:45:06 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013-01-15 19:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012-12-10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012-12-10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012-07-02 16:15:14 | 000,380,328 | ---- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- A:\Programy\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-12-18 21:48:04 | 000,295,936 | ---- | M] (Mz Ultimate Tools) -- C:\Program Files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe
PRC - [2003-02-21 12:46:58 | 000,191,488 | ---- | M] () -- A:\Gry PC\gamma adjuster\GammaAdjuster.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-03-17 14:09:45 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013-01-15 19:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2013-01-08 21:29:41 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2013-01-07 18:57:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2013-01-07 18:56:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2013-01-07 18:56:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2013-01-07 18:56:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2013-01-07 18:56:02 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2013-01-07 18:55:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011-09-19 09:07:38 | 000,058,368 | ---- | M] () -- C:\Windows\System32\bdmpega.acm
MOD - [2011-02-04 16:36:39 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pl_b77a5c561934e089\System.resources.dll
MOD - [2003-02-21 12:46:58 | 000,191,488 | ---- | M] () -- A:\Gry PC\gamma adjuster\GammaAdjuster.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013-03-17 14:09:45 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-02-19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-02-18 20:45:06 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013-01-26 10:57:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-12-10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-09-05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012-08-25 16:26:35 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-08-03 15:32:42 | 000,397,848 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012-08-01 16:50:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-07-17 16:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012-07-02 16:15:14 | 000,380,328 | ---- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2012-06-11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- A:\Programy\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-12-28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [Disabled | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\mseow.sys -- (mseow)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\gmzioaj.sys -- (gmzioaj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys -- (FairplayKD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013-03-01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-02-26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-02-18 20:45:06 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013-02-08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-02-08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-02-08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-02-08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-02-08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013-01-07 18:27:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013-01-07 18:27:51 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2013-01-07 18:27:51 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-12-02 21:46:19 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012-10-05 14:54:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2012-09-05 17:34:00 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-08-01 18:16:48 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012-07-05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- A:\Programy\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012-07-05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- A:\Programy\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2012-07-02 16:15:18 | 000,975,272 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV - [2012-06-11 12:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-01-05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- A:\Programy\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011-12-29 13:37:44 | 000,028,464 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2011-05-13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-05-13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-05-13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-05-13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010-11-26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010-11-09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010-11-04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010-11-01 07:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010-03-16 10:58:38 | 000,014,400 | ---- | M] (SR Research Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ebinfiltr.sys -- (ebinfiltr)
DRV - [2009-09-21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-08-22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009-07-23 22:02:56 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-12-26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2007-11-09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007-07-15 03:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={70B915DA-9864-441E-BADD-4054F6A5AE3C}&mid=c129b2926a484ecf849f2a0a57be5a4a-737d6be3d3d76da21980eded92fe6334dfb0c32a&lang=pl&ds=is015&pr=sa&d=2012-09-28 20:55:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.pah.org.pl/pajacyk/dziekujemy"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.145.0
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.14.100013
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_US&apn_uid=09DD9307-79BE-4CCD-BE0D-D1F909FCEC43&apn_ptnrs=^U3&apn_sauid=A3031538-0F14-41C7-B751-AA56DE6FB939&apn_dtid=^YYYYYY^YY^PL&&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\1\AppData\Local\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-18 20:45:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013-01-27 15:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-01-26 10:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2012-08-02 18:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\mozilla\Extensions
[2013-02-03 09:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions
[2012-09-24 19:13:01 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2012-10-19 18:57:58 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2013-01-14 19:33:23 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2012-08-26 18:04:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2013-02-03 10:01:47 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2012-09-21 23:03:06 | 000,005,403 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\[email protected]
[2013-01-27 16:59:17 | 000,242,487 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\[email protected]
[2013-01-30 21:28:12 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\[email protected]
[2013-02-01 15:42:42 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-01-14 19:33:22 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013-01-15 20:24:20 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013-03-17 22:21:42 | 000,002,575 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\askcom.xml
[2012-08-26 18:03:40 | 000,003,915 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\sweetim.xml
[2012-09-07 15:02:42 | 000,002,469 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\Web Search.xml
[2013-01-26 10:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-01-26 10:57:14 | 000,000,000 | ---D | M] ("BitAccelerator") -- C:\Program Files\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
[2013-01-27 15:23:29 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2013-01-26 10:57:27 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2013-01-05 17:46:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-18 20:45:31 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-08-11 14:04:57 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013-01-05 17:46:01 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-01-05 17:46:01 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-01-05 17:46:01 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-22 16:11:30 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2013-01-05 17:46:01 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-01-05 17:46:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\1\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: James White = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Battlefield Heroes = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Adblock Plus = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Tampermonkey = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124.188_0\
CHR - Extension: BitAccelerator = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngjfmklipimnkegmcilmbhchklgjgfl\1.1_0\
CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: James White = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Battlefield Heroes = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Adblock Plus = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Tampermonkey = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124.188_0\
CHR - Extension: BitAccelerator = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngjfmklipimnkegmcilmbhchklgjgfl\1.1_0\
CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
 
O1 HOSTS File: ([2012-11-04 12:49:05 | 000,000,888 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 65.52.240.48
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GammaAdjuster] A:\Gry PC\gamma adjuster\GammaAdjuster.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [bfcadfccsacfsfdsf] C:\ProgramData\bfcadfccsacfsfdsf.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Ceujmgywnzatxwwn.exe] C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe ()
O4 - HKCU..\Run: [MzRAMBooster] C:\Program Files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe (Mz Ultimate Tools)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\1\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D25B12F-707F-486E-A618-1E8FFA0178FC}: DhcpNameServer = 194.204.152.34 194.204.159.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlpg - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\Windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f874c611-f75b-11e1-a6fd-001636e517b0}\Shell - "" = AutoRun
O33 - MountPoints2\{f874c611-f75b-11e1-a6fd-001636e517b0}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-04-22 19:34:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-04-22 19:33:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\1\Documents\OTL.exe
[2013-04-22 16:14:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-04-22 16:12:21 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\AVG2013
[2013-04-22 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013-04-22 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\TuneUp Software
[2013-04-22 16:08:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013-04-22 16:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013-04-22 16:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013-04-22 16:07:16 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\MFAData
[2013-04-22 16:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013-04-22 16:07:16 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Avg2013
[2013-04-22 15:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-04-22 15:11:09 | 000,182,784 | ---- | C] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-20 22:42:13 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013-04-20 22:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-04-20 22:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013-04-13 19:08:34 | 000,519,168 | ---- | C] (TroyaN) -- C:\Users\1\Desktop\Tak.exe
[2013-04-09 20:43:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013-04-09 20:42:41 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013-04-09 20:42:41 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2013-04-09 20:42:40 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2013-04-09 20:42:40 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2013-04-09 20:42:40 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013-04-09 20:42:40 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013-04-09 20:42:40 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013-04-09 20:42:40 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013-04-09 20:42:40 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2013-04-09 20:42:40 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2013-04-09 20:42:39 | 002,417,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013-04-09 20:42:39 | 001,497,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013-04-09 20:42:39 | 000,645,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013-04-09 20:42:39 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2013-04-09 20:42:39 | 000,192,104 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2013-04-09 20:42:39 | 000,087,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2013-04-09 20:42:39 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2013-04-09 20:42:39 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2013-04-09 20:42:39 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2013-04-09 20:42:38 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2013-04-09 20:42:38 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2013-04-09 20:42:38 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2013-04-09 20:42:38 | 003,173,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013-04-09 20:42:38 | 001,185,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2013-04-09 20:42:38 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2013-04-09 20:42:38 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2013-04-09 20:42:38 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2013-04-09 20:42:38 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2013-04-09 20:42:38 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2013-04-09 20:42:38 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2013-04-09 20:42:38 | 000,105,824 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2013-04-09 20:42:38 | 000,091,488 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2013-04-09 20:42:38 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2013-04-09 20:42:38 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2013-04-09 20:42:38 | 000,061,792 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2013-04-09 20:42:37 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013-04-09 20:42:37 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2013-04-09 20:42:37 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2013-04-09 20:42:37 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2013-04-09 20:42:37 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013-04-09 20:42:37 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013-04-09 20:42:35 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2013-04-09 20:42:35 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2013-04-09 20:42:35 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2013-04-09 20:42:35 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2013-04-09 20:42:35 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2013-04-09 20:42:35 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2013-04-09 20:42:35 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2013-04-09 20:42:35 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2013-04-09 20:42:35 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2013-04-09 20:42:35 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2013-04-09 20:42:35 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2013-04-09 20:42:35 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2013-04-09 20:42:35 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2013-04-09 20:42:35 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2013-04-09 20:42:35 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2013-04-09 20:42:35 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2013-04-09 20:42:35 | 000,176,736 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013-04-09 20:42:35 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013-04-02 15:35:56 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2013-04-02 15:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
[2013-04-02 15:35:53 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
[2013-03-27 13:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-04-22 20:03:41 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-22 20:03:39 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-22 19:52:28 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe
[2013-04-22 19:44:24 | 000,021,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-04-22 19:44:24 | 000,021,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-04-22 19:42:17 | 000,661,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-04-22 19:42:17 | 000,125,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-04-22 19:42:17 | 000,026,954 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-04-22 19:42:17 | 000,012,646 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-04-22 19:36:01 | 003,702,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-04-22 19:35:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-22 19:35:33 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys
[2013-04-22 19:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1\Documents\OTL.exe
[2013-04-22 19:29:48 | 000,103,424 | ---- | M] () -- C:\Users\1\AppData\Roaming\42CE.exe
[2013-04-22 19:26:24 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Vattlndlblsewagb.exe
[2013-04-22 19:24:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isjwlfosmicqgbrq.exe
[2013-04-22 19:09:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Wpdehzkkewqgochs.exe
[2013-04-22 19:06:52 | 000,216,538 | ---- | M] () -- C:\Users\1\Desktop\krzysiubobr.jpg
[2013-04-22 19:06:52 | 000,006,428 | ---- | M] () -- C:\Users\1\.recently-used.xbel
[2013-04-22 17:23:54 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Knaimcwyyxunfcfk.exe
[2013-04-22 16:38:18 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isynqidzpmpkcskv.exe
[2013-04-22 16:09:58 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013-04-22 15:34:00 | 000,117,996 | ---- | M] () -- C:\Users\1\Desktop\kon-dom.jpg
[2013-04-22 14:30:09 | 000,975,558 | ---- | M] () -- C:\Users\1\Desktop\gaddemjuson.jpg
[2013-04-22 09:58:22 | 001,398,249 | ---- | M] () -- C:\Users\1\Desktop\2013-04-22 09.58.22.jpg
[2013-04-22 09:08:14 | 001,045,118 | ---- | M] () -- C:\Users\1\Desktop\2013-04-22 09.08.15.jpg
[2013-04-21 17:05:53 | 002,466,286 | ---- | M] () -- C:\Users\1\Desktop\nafejsa.jpg
[2013-04-21 16:53:04 | 000,223,321 | ---- | M] () -- C:\Users\1\Desktop\avatarnaskajp.jpg
[2013-04-21 16:26:39 | 001,644,157 | ---- | M] () -- C:\Users\1\Desktop\Bez nazwy.xcf
[2013-04-21 13:20:27 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2013-04-20 13:13:52 | 000,000,213 | ---- | M] () -- C:\Users\1\Desktop\Left 4 Dead.url
[2013-04-19 21:20:34 | 000,011,830 | ---- | M] () -- C:\Users\1\AppData\Local\recently-used.xbel
[2013-04-14 12:18:59 | 000,006,662 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.ini
[2013-04-14 08:56:30 | 000,006,662 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.bak
[2013-04-14 08:27:49 | 000,006,662 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.bko
[2013-04-13 19:08:16 | 000,519,168 | ---- | M] (TroyaN) -- C:\Users\1\Desktop\Tak.exe
[2013-04-13 18:47:46 | 000,096,256 | ---- | M] () -- C:\Users\1\AppData\Roaming\chrtmp
[2013-04-08 15:55:25 | 000,001,099 | ---- | M] () -- C:\Users\1\Desktop\GammaAdjuster — skrót.lnk
[2013-04-08 15:52:49 | 000,006,685 | ---- | M] () -- C:\Users\1\AppData\Roaming\PStrip.bk!
[2013-03-27 08:22:19 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3838626967-3587868773-1472854575-1000Core1ce2ab36f84c811.job
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-04-22 19:52:27 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe
[2013-04-22 19:35:37 | 003,702,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-04-22 19:29:48 | 000,103,424 | ---- | C] () -- C:\Users\1\AppData\Roaming\42CE.exe
[2013-04-22 19:26:24 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Vattlndlblsewagb.exe
[2013-04-22 19:24:00 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Isjwlfosmicqgbrq.exe
[2013-04-22 19:08:59 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Wpdehzkkewqgochs.exe
[2013-04-22 19:06:52 | 000,216,538 | ---- | C] () -- C:\Users\1\Desktop\krzysiubobr.jpg
[2013-04-22 19:06:52 | 000,006,428 | ---- | C] () -- C:\Users\1\.recently-used.xbel
[2013-04-22 17:23:54 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Knaimcwyyxunfcfk.exe
[2013-04-22 16:38:18 | 000,103,424 | RH-- | C] () -- C:\Users\1\AppData\Roaming\Isynqidzpmpkcskv.exe
[2013-04-22 16:09:58 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013-04-22 15:34:00 | 000,117,996 | ---- | C] () -- C:\Users\1\Desktop\kon-dom.jpg
[2013-04-22 14:30:08 | 000,975,558 | ---- | C] () -- C:\Users\1\Desktop\gaddemjuson.jpg
[2013-04-22 09:58:23 | 001,398,249 | ---- | C] () -- C:\Users\1\Desktop\2013-04-22 09.58.22.jpg
[2013-04-22 09:08:15 | 001,045,118 | ---- | C] () -- C:\Users\1\Desktop\2013-04-22 09.08.15.jpg
[2013-04-21 17:05:52 | 002,466,286 | ---- | C] () -- C:\Users\1\Desktop\nafejsa.jpg
[2013-04-21 16:26:39 | 001,644,157 | ---- | C] () -- C:\Users\1\Desktop\Bez nazwy.xcf
[2013-04-21 13:34:33 | 000,223,321 | ---- | C] () -- C:\Users\1\Desktop\avatarnaskajp.jpg
[2013-04-21 13:20:27 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2013-04-20 13:13:52 | 000,000,213 | ---- | C] () -- C:\Users\1\Desktop\Left 4 Dead.url
[2013-04-19 21:20:34 | 000,011,830 | ---- | C] () -- C:\Users\1\AppData\Local\recently-used.xbel
[2013-04-09 20:42:38 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013-04-08 15:55:25 | 000,001,099 | ---- | C] () -- C:\Users\1\Desktop\GammaAdjuster — skrót.lnk
[2013-03-27 08:22:19 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3838626967-3587868773-1472854575-1000Core1ce2ab36f84c811.job
[2013-03-24 17:34:57 | 000,096,256 | ---- | C] () -- C:\Users\1\AppData\Roaming\chrtmp
[2013-02-23 22:30:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013-02-03 19:51:35 | 001,213,520 | ---- | C] () -- C:\Users\1\ts3_recording_13_02_03_18_51_34.wav
[2013-02-03 19:50:56 | 002,284,880 | ---- | C] () -- C:\Users\1\ts3_recording_13_02_03_18_50_55.wav
[2013-02-01 20:54:36 | 002,476,880 | ---- | C] () -- C:\Users\1\ts3_recording_13_02_01_19_54_32.wav
[2013-01-21 17:03:06 | 001,099,056 | ---- | C] () -- C:\Users\1\ts3_recording_13_01_21_16_3_4.wav
[2013-01-18 22:36:46 | 000,000,132 | ---- | C] () -- C:\Users\1\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2013-01-13 23:29:16 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012-12-25 19:22:04 | 000,000,652 | ---- | C] () -- C:\Windows\eReg.dat
[2012-12-19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012-12-04 17:53:14 | 000,552,233 | ---- | C] () -- C:\Users\1\Laboratory_Clinical_Art.wal
[2012-11-14 21:01:54 | 000,000,158 | ---- | C] () -- C:\Users\1\.gtkrc-2.0
[2012-11-06 18:57:53 | 000,000,089 | ---- | C] () -- C:\Users\1\AppData\Local\fusioncache.dat
[2012-11-06 16:39:51 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2012-11-06 15:53:30 | 001,426,411 | ---- | C] () -- C:\Users\1\AppData\Local\Tempmusic.ogg
[2012-11-04 12:40:29 | 000,006,656 | ---- | C] () -- C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-11-02 12:54:53 | 000,000,025 | ---- | C] () -- C:\Users\1\AppData\Roaming\mta.ini.ini
[2012-10-28 21:21:14 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2012-10-16 18:49:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-10-16 18:23:16 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2012-10-11 14:36:24 | 000,001,654 | ---- | C] () -- C:\Users\1\AppData\Roaming\SvcTraceViewer.exe.settings
[2012-10-07 15:16:10 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-09-28 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\tmb1-v32.dll
[2012-09-24 19:44:18 | 000,138,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012-09-24 19:44:18 | 000,138,904 | ---- | C] () -- C:\Users\1\AppData\Roaming\PnkBstrK.sys
[2012-09-24 19:43:46 | 000,281,872 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012-09-24 19:43:43 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012-09-24 16:08:59 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012-09-10 15:03:22 | 000,071,040 | ---- | C] () -- C:\Windows\System32\deformerdll.dll
[2012-09-10 15:02:56 | 000,192,512 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2012-09-10 15:01:57 | 000,389,632 | ---- | C] () -- C:\Windows\System32\granny2.dll
[2012-09-04 16:18:42 | 000,003,153 | ---- | C] () -- C:\Program Files\visit-nosteam-forum.html
[2012-09-04 16:18:42 | 000,000,077 | ---- | C] () -- C:\Program Files\update-l4d.bat
[2012-09-02 18:09:06 | 000,045,270 | ---- | C] () -- C:\Users\1\AppData\Roaming\room_v3.dat
[2012-08-31 09:08:23 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2012-08-24 07:20:01 | 000,006,685 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.bk!
[2012-08-24 07:19:11 | 000,006,662 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.bko
[2012-08-23 22:17:53 | 000,006,662 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.bak
[2012-08-23 20:50:05 | 000,006,662 | ---- | C] () -- C:\Users\1\AppData\Roaming\PStrip.ini
[2012-08-23 20:25:18 | 000,007,607 | ---- | C] () -- C:\Users\1\AppData\Local\Resmon.ResmonCfg
[2012-08-22 09:29:09 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2012-08-12 15:37:52 | 000,081,938 | ---- | C] () -- C:\Users\1\AppData\Roaming\.mineshaftersquaredminecraft.jar
[2012-08-12 15:37:52 | 000,076,964 | ---- | C] () -- C:\Users\1\AppData\Roaming\.mineshaftersquaredminecraft_modified.jar
[2012-08-10 21:52:15 | 000,001,126 | ---- | C] () -- C:\Program Files\Camtasia Studio 8.lnk
[2012-08-09 15:57:15 | 000,000,163 | ---- | C] () -- C:\Windows\AutoScreenRecorder.INI
[2012-07-12 16:25:22 | 000,639,488 | ---- | C] () -- C:\Windows\System32\ficvdec_x86.dll
[2011-09-19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011-09-19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2003-04-09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\1\AppData\Roaming\MafiaSetup.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Re: Virus sending messages on Facebook and Skype

22 Apr 2013, 20:11

Code:
OTL Extras logfile created on: 2013-04-22 19:59:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\1\Documents
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1,87 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 59,48% Memory free
4,80 Gb Paging File | 3,78 Gb Available in Paging File | 78,69% Paging File free
Paging file location(s): a:\pagefile.sys 2600 2700c:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,94 Gb Total Space | 79,57 Gb Free Space | 56,45% Space Free | Partition Type: NTFS
 
Computer Name: 1-KOMPUTER | User Name: 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [Bridge] -- A:\Programy\Adobe Photoshop\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18EEDE9A-84E8-4100-BD8E-59B565A8220E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1D5256E5-A532-4678-92A2-62EA668F0A19}" = lport=16276 | protocol=6 | dir=in | name=bitcomet 16276 tcp |
"{44560B93-41E8-4A20-B3BA-45827E739BAA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7B37C7F3-A348-42FA-8191-5CD8DF3A150A}" = lport=16276 | protocol=17 | dir=in | name=bitcomet 16276 udp |
"{9D452915-CAAC-4E26-8EC2-7D1A8D7E63C0}" = lport=7767 | protocol=17 | dir=in | name=bitcomet 7767 udp |
"{EEC7EAB0-9755-4368-BE73-A7D81DFDD370}" = lport=7767 | protocol=6 | dir=in | name=bitcomet 7767 tcp |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD7F2A-BF00-4919-B059-04A8B2A4AF35}" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |
"{04EFFDD9-46C9-4E8F-B2A8-8B3C6A4C3DE2}" = protocol=6 | dir=in | app=c:\program files\littlefighter\lf2.exe |
"{07D7C475-DE58-4E1B-B231-DFEE24E44B40}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{083F958C-C374-4279-AA88-E95CCF71CF21}" = protocol=58 | dir=out | [email protected],-503 |
"{10AF226B-715A-4493-8BC5-C65B3753D16F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{1258F21C-A4A2-4926-A7C3-19F337302973}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{13B9781C-F3E4-4B6B-B23E-E919F102FEAC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\and yet it moves\and yet it moves.exe |
"{17577372-4F91-4A29-8711-AA161740193A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"{179668CE-4ABC-4D14-BD42-63305CAFA35C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{1E963030-712F-4C52-A230-74454FD6DF8D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
"{1F2D02F3-295D-442B-AE08-C645BE1CEEB0}" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"{208DEE90-040C-4395-B9E2-6589864BC6D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"{22068114-AFA3-43E0-B1F4-4C7730F69CD9}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{28B89BD4-E9D5-4531-B3E2-EC02E4D3FF5F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\team fortress classic\hl.exe |
"{29056B06-1FEB-4B15-9707-42F8E26A6F4D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2FDD8CBF-4941-49E9-8BB0-92892C9A1285}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{30CFEBB7-A5BB-40CB-8720-0CB0A107F314}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{321A8A34-F633-4CD2-9D11-B9BD824FF482}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{385C3EFF-0D16-404A-B1DA-F98F0B7CCCB4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\half-life\hl.exe |
"{39B0E3B4-DBA4-495C-A8DE-EDBE56ED8C25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{3AF84A8E-5824-4A1C-80A6-233E90CC2C44}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{3F330334-B262-433E-80A4-F12E2DFFAB5F}" = dir=in | app=c:\users\1\appdata\local\microsoft\skydrive\skydrive.exe |
"{42504C65-26E2-4F4B-986D-FB6C35AA4572}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe |
"{4641FA93-349E-4FB2-B40F-59D79B1FCBD7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{48344051-9891-4B58-B6A4-8EC8821AC587}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{495E13B5-96B8-46C8-9DF9-B4EA2DAA8621}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{4A292CAA-3113-4611-B57E-88DF4671C134}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe |
"{4FB1956F-EFFA-4C72-B79F-784D9D77F4AF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{53400292-0947-43F6-9DA8-72D699D3F263}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\team fortress classic\hl.exe |
"{564CFEB8-6172-492F-8626-7D43EF8D2679}" = protocol=58 | dir=in | app=system |
"{5842BF47-57EB-47DF-B0FB-44CA2B983E6E}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe |
"{5A6A8F66-E0F8-40F0-9649-ECE43551E34A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
"{64CE87BE-1354-429D-9DCE-67F2CC906C0A}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6A5CC00E-0B39-4803-8584-2B5E178B862A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spacechem\spacechem.exe |
"{6B332FB0-5FF9-4719-8DAC-3BAE222466A7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{6E8CFE22-461E-46F5-90A7-FC73F157CBAC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7264E410-D183-40C5-B6AD-7278CB44F2CB}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{756BD57A-52D9-45B7-A3F3-11F2DA3ADF05}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spacechem\spacechem.exe |
"{7F7F95E5-67D7-4C61-926A-CC11C418E73B}" = protocol=17 | dir=in | app=c:\users\1\kag\kag.exe |
"{85CCD7B1-EBE4-4FE4-821E-9F7F5798B5C1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{86DEF6AA-393B-44BC-8A7A-69DA78B04E77}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CAC59B5-41F1-40C1-A8F9-332526AE0DEA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{930D6FC3-1C7F-446D-AD4A-FE1F4BAB5BA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{943FFAFA-7747-4022-A222-E7A263A44250}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{960DABCF-137E-4351-B3D4-D8918D2BEF76}" = protocol=6 | dir=in | app=c:\users\1\kag\kag.exe |
"{96391907-3B2F-4E42-B0DD-3F97BBE082E5}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe |
"{9B14E964-75C0-4FFE-9568-EAD6F26487C0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe |
"{9C0048BA-20A2-406E-9B85-DF62227762CC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\seriouseditor2.exe |
"{A0C755D0-0A80-488D-8EEA-674F6BBE11D8}" = protocol=17 | dir=in | app=c:\program files\littlefighter\lf2.exe |
"{A35E9B76-0798-409F-A0C6-B96F00FE913F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\and yet it moves\and yet it moves.exe |
"{A914A633-EC12-47BB-AC9D-AE9E8B2F0965}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{B1C3B098-F19D-4FA6-9EB7-0738A13286CE}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{B8097AA4-D517-4FF8-99FF-C170AB0D6998}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\half-life\hl.exe |
"{BCD0451A-BA6F-4916-9329-5CA36E5419A9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{C1A6095E-A532-44CE-A8A6-F01CB672816B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe |
"{CA8D6C54-9047-44B4-914C-8BD81B19E3E4}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\directdownloader\directdownloader.exe |
"{CBB10563-D789-4DDF-A7E3-C2FF7BCDCC7E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{CC29D6DE-24F9-4B21-B58D-CA0A050D5EFD}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{D5264D25-485C-4102-ADA2-F5A2482302ED}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D6A8485F-8509-42D9-9BF6-75C235E1B74F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D72ED1F4-A1A0-4FD7-8009-2E326BB585A1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{D829EB77-9149-440F-8E52-39E85A01568F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC2EEC3F-599D-4CC8-8B48-CD70F2FB51FC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DEAD0767-6BA2-4DCA-A95C-6124D564E72E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{E0CEE3CB-B3CB-4E15-9C63-942029C6B488}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{E3C8FD59-5DE7-4E5A-A995-744B6A74F708}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E74FAB6A-001E-46B8-8BFB-908834ACFE9F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\seriouseditor2.exe |
"{E87F8297-37BD-4A77-9C72-23EEDEA9B929}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe |
"{E8F3B5FB-C101-47BF-B84A-255B28AB1F62}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E9A71877-F9F4-466F-BFE0-87B7ECA50D70}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EB12DFB5-F486-4096-A0B2-30766397AF83}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F09BC7C3-73BB-4206-831A-DC61C7091B18}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{F1CEDB99-6589-412A-B8AD-1B0295D74A2B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{F807AD7F-FC17-4B93-957F-C453DC43A1B8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FBD1C72B-9178-498F-ACFF-4553BEA3754F}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{FFE5E1D3-A44D-49B4-9AF4-F4C0A576B132}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"TCP Query User{61099D0A-6773-44B9-B2F1-9781D62B90B4}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{7F164764-EE1F-4C72-8BDC-7BA1E0A45863}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"TCP Query User{B94AC74A-B1DB-4638-93C3-9D780A9529B6}C:\users\1\kag\kag.exe" = protocol=6 | dir=in | app=c:\users\1\kag\kag.exe |
"TCP Query User{E15C0F31-E4D2-4600-93F4-8E5B79A86428}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{ED113E2F-6D61-45B5-9142-87D647B9BED9}C:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
"TCP Query User{F2DD283E-FF5B-4541-B9E5-5B15E3612B6D}C:\program files\littlefighter\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter\lf2.exe |
"TCP Query User{F30A0EBC-FA20-4B28-94E5-8380554673C6}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{3AC948EC-9F3F-4834-8BD3-10525BD8FDD0}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{42BCBB84-D5B4-4368-9825-82B187B0F919}C:\users\1\kag\kag.exe" = protocol=17 | dir=in | app=c:\users\1\kag\kag.exe |
"UDP Query User{47806987-D4C6-4125-886F-05ABE2BD608C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{82F3CF0A-BD79-4DF7-8085-95DD86E5963D}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |
"UDP Query User{8547D86C-18A3-4403-9670-BF0506AF18C6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{99F1F620-2E84-47A3-AB55-48804A0C6F09}C:\program files\littlefighter\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter\lf2.exe |
"UDP Query User{F7190B64-93FF-4853-AC6D-0D28F245D425}C:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{046C9272-6E16-4C47-8BEF-4880417304DF}" = SLOW-PCfighter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D5BEFA3-889A-4AD5-8771-310BAEB0E2FC}" = Qtrax Player
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{3825F8BD-F784-6FBB-A5CD-857559148007}" = AMD Catalyst Install Manager
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{5D8A40E9-8E59-3761-98DE-2C9F7303FA17}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{643B056F-61C1-4489-9797-4D846D101A7A}" = King Arthur's Gold
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F62E665-AC12-4DE0-88AA-C6EE7F5DBAAB}" = YouTube Playlist Converter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7914488D-F56B-464F-B735-F8E972E5E208}" = Photo Common
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.2.1
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8EEED220-D348-4F49-8C82-B11F6C5450C7}" = Movie Maker
"{90B936B2-33E6-4FE8-9A64-08EEB42AF2B1}" = Podstawowe programy Windows Live
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AA21F4-C8CE-4380-995A-992536463263}" = Galeria fotografii
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Polish
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek PCI Fast Ethernet Controller Driver For Vista and Win7
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1F8F5EB-75E2-40C3-9A50-7907F1C910F1}" = Camtasia Studio 8
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Obsługa programów Apple
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D48BCCD6-D2E2-42F4-B8E8-D7BC10C568EC}" = Windows Live UX Platform Language Pack
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.33
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E320B23C-E9DC-377C-837E-D6D4BD27B169}" = Google Talk Plugin
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.20
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Pakiet sterowników systemu Windows - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AIMP3" = AIMP3
"Ares" = Ares 2.1.9
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"AviScreen Classic (Freeware)_is1" = AviScreen Classic Version 1.3
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitComet" = BitComet 1.33
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"claro" = Claro LTD toolbar  on IE
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"DMX5_is1" = DriverMax 7
"Driver Magician_is1" = Driver Magician 3.7
"DriverAgent.exe" = DriverAgent by eSupport.com
"Duke Nukem 3D_is1" = Duke Nukem 3D
"Dxtory_is1" = Dxtory 1.0.93
"Dxtory2.0_is1" = Dxtory version 2.0.112
"EAX Unified" = EAX Unified
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FilesFrog Update Checker" = FilesFrog Update Checker
"foobar2000" = foobar2000 v1.2.3
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Freemake Video Converter_is1" = Freemake Video Converter wersja 3.1.1
"Game Booster_is1" = Game Booster 3
"GameSpy Arcade" = GameSpy Arcade
"GameSpy Software" = GameSpy Software
"Hero Fighter" = Hero FighterWAR
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Little Fighter" = Little Fighter
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia" = Mafia
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Mirillis Action!" = Action!
"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
"Mozilla Firefox 18.0.1 (x86 pl)" = Mozilla Firefox 18.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"Multi Theft Auto" = Multi Theft Auto
"MzRAMBooster_is1" = Mz RAM Booster
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Open Broadcaster Software" = Open Broadcaster Software
"Opera 12.15.1748" = Opera 12.15
"Pivot Animator_is1" = Pivot Animator version 4.1.6
"POD-Bot 2.5" = POD-Bot 2.5
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"PunkBusterSvc" = PunkBuster Services
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RocketDock_is1" = RocketDock 1.3.5
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Sapphire TRIXX" = Sapphire TRIXX
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SLOW-PCfighter" = SLOW-PCfighter
"Smart Defrag 2_is1" = Smart Defrag 2
"Soldat_is1" = Soldat 1.6.3
"ST6UNST #1" = HLTooLz
"Steam App 10" = Counter-Strike
"Steam App 17500" = Zombie Panic Source
"Steam App 18700" = And Yet It Moves
"Steam App 20" = Team Fortress Classic
"Steam App 204340" = Serious Sam 2
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 30" = Day of Defeat
"Steam App 41100" = Hammerfight
"Steam App 500" = Left 4 Dead
"Steam App 70300" = VVVVVV
"Steam App 92800" = SpaceChem
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Updater Service" = Updater Service
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.11 (32-bitowy)
"Wisdom-soft AutoScreenRecorder 3.1 Free" = Wisdom-soft AutoScreenRecorder 3.1 Free
"Wise Game Booster_is1" = Wise Game Booster 1.09
"xvid" = XviD MPEG-4 Video Codec
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"DirectDownloader" = DirectDownloader
"GamersFirst LIVE!" = GamersFirst LIVE!
"GG" = GG
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Third Age - Total War 3.0 (Part 1of2)" = Third Age - Total War 3.0 (Part 1of2)
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Detektor Winampa
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2012-09-24 07:50:15 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe,
 wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384  Nazwa modułu powodującego błąd:
 NPSWF32_11_4_402_265.dll, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf58e  Kod
 wyjątku: 0xc0000005  Przesunięcie błędu: 0x002100fa  Identyfikator procesu powodującego
 błąd: 0xa6c  Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a4924012658  Ścieżka
 aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
Identyfikator
 raportu: 00b8ef94-063e-11e2-80f0-001636e517b0
 
Error - 2012-09-24 08:08:01 | Computer Name = 1-Komputer | Source = Application Hang | ID = 1002
Description = Program vegas90.exe w wersji 9.0.0.1147 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
 akcji.    Identyfikator procesu: 354    Godzina rozpoczęcia: 01cd9a4d2d0d25af    Godzina zakończenia:
 12    Ścieżka aplikacji: C:\Program Files\Sony\Vegas Pro 9.0\vegas90.exe    Identyfikator
 raportu: 78aa393e-0640-11e2-80f0-001636e517b0 
 
Error - 2012-09-24 08:28:55 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe,
 wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384  Nazwa modułu powodującego błąd:
 unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x00000006  Identyfikator procesu powodującego błąd: 0xf94  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cd9a4e810df580  Ścieżka aplikacji powodującej błąd:
 C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe  Ścieżka modułu
 powodującego błąd: unknown  Identyfikator raportu: 6784cba5-0643-11e2-80f0-001636e517b0
 
Error - 2012-09-24 08:32:55 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: AUDIODG.EXE, wersja: 6.1.7601.17514,
 sygnatura czasowa: 0x4ce7a278  Nazwa modułu powodującego błąd: audioeng.dll, wersja:
 6.1.7600.16385, sygnatura czasowa: 0x4a5bd97c  Kod wyjątku: 0xc000001d  Przesunięcie
 błędu: 0x0004784f  Identyfikator procesu powodującego błąd: 0xf88  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cd9a4e8281e458  Ścieżka aplikacji powodującej błąd:
 C:\Windows\system32\AUDIODG.EXE  Ścieżka modułu powodującego błąd: C:\Windows\System32\audioeng.dll
Identyfikator
 raportu: f6705c93-0643-11e2-80f0-001636e517b0
 
Error - 2012-09-24 08:32:55 | Computer Name = 1-Komputer | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku  z jednej z następujących
 przyczyn:  problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany
 plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak
dysku.  System Windows zamknął program Izolacja wykresu urządzenia audio systemu Windows
 z powodu tego błędu.    Program: Izolacja wykresu urządzenia audio systemu Windows  Plik:
     Wartość błędu jest wyświetlona w sekcji Dodatkowe dane.  Akcja użytkownika  1. Otwórz
 plik ponownie.  Ta sytuacja może być przejściowym problemem, który sam się rozwiąże
 po ponownym uruchomieniu programu.  2.  Jeśli nadal nie można uzyskać dostępu do pliku
 i   - jest w sieci,  administrator sieci powinien sprawdzić, czy nie ma problemu z siecią
 i czy można skontaktować się z serwerem.   - jest na dysku wymiennym, na przykład
dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera.  3.
Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program
 CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD,
 a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F,
 a następnie naciśnij klawisz ENTER.  4. Jeżeli problem nie ustąpi, przywróć plik
z kopii zapasowej.  5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli
 nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem
 komputera lub dostawcą sprzętu  komputerowego, aby uzyskać dalszą pomoc.    Dodatkowe
 dane  Wartość błędu: 00000000  Typ dysku: 0
 
Error - 2012-09-24 08:54:05 | Computer Name = 1-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-24 09:30:34 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe,
 wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384  Nazwa modułu powodującego błąd:
 NPSWF32_11_4_402_265.dll, wersja: 11.4.402.265, sygnatura czasowa: 0x502bf58e  Kod
 wyjątku: 0xc000001d  Przesunięcie błędu: 0x00407d4f  Identyfikator procesu powodującego
 błąd: 0xf88  Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9a53dda55665  Ścieżka
 aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
Identyfikator
 raportu: 0418babb-064c-11e2-add0-001636e517b0
 
Error - 2012-09-24 09:30:34 | Computer Name = 1-Komputer | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku  z jednej z następujących
 przyczyn:  problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany
 plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak
dysku.  System Windows zamknął program Adobe Flash Player 11.4 r402 z powodu tego
błędu.    Program: Adobe Flash Player 11.4 r402  Plik:     Wartość błędu jest wyświetlona
w sekcji Dodatkowe dane.  Akcja użytkownika  1. Otwórz plik ponownie.  Ta sytuacja może
 być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu.
2.
Jeśli
 nadal nie można uzyskać dostępu do pliku i   - jest w sieci,  administrator sieci powinien
 sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem.
   -
 jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały
 dysk jest włożony do komputera.  3. Sprawdź i napraw system plików, uruchamiając
program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
 Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia
 wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER.  4. Jeżeli problem
 nie ustąpi, przywróć plik z kopii zapasowej.  5. Ustal, czy można otworzyć inne pliki
 na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy,
 skontaktuj się z administratorem komputera lub dostawcą sprzętu  komputerowego, aby
 uzyskać dalszą pomoc.    Dodatkowe dane  Wartość błędu: 00000000  Typ dysku: 0
 
Error - 2012-09-24 10:12:52 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Skype.exe, wersja: 5.10.0.116, sygnatura
 czasowa: 0x50001496  Nazwa modułu powodującego błąd: Skype.exe, wersja: 5.10.0.116,
 sygnatura czasowa: 0x50001496  Kod wyjątku: 0xc0000096  Przesunięcie błędu: 0x0004b910
Identyfikator
 procesu powodującego błąd: 0xe6c  Godzina uruchomienia aplikacji powodującej błąd:
 0x01cd9a5e02a31928  Ścieżka aplikacji powodującej błąd: C:\Program Files\Skype\Phone\Skype.exe
Ścieżka
 modułu powodującego błąd: C:\Program Files\Skype\Phone\Skype.exe  Identyfikator raportu:
 ecee8738-0651-11e2-add0-001636e517b0
 
Error - 2012-09-24 10:12:52 | Computer Name = 1-Komputer | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku  z jednej z następujących
 przyczyn:  problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany
 plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak
dysku.  System Windows zamknął program Skype z powodu tego błędu.    Program: Skype  Plik:
     Wartość błędu jest wyświetlona w sekcji Dodatkowe dane.  Akcja użytkownika  1. Otwórz
 plik ponownie.  Ta sytuacja może być przejściowym problemem, który sam się rozwiąże
 po ponownym uruchomieniu programu.  2.  Jeśli nadal nie można uzyskać dostępu do pliku
 i   - jest w sieci,  administrator sieci powinien sprawdzić, czy nie ma problemu z siecią
 i czy można skontaktować się z serwerem.   - jest na dysku wymiennym, na przykład
dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera.  3.
Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program
 CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD,
 a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F,
 a następnie naciśnij klawisz ENTER.  4. Jeżeli problem nie ustąpi, przywróć plik
z kopii zapasowej.  5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli
 nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem
 komputera lub dostawcą sprzętu  komputerowego, aby uzyskać dalszą pomoc.    Dodatkowe
 dane  Wartość błędu: 00000000  Typ dysku: 0
 
Error - 2012-09-24 10:53:22 | Computer Name = 1-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_4_402_265.exe,
 wersja: 11.4.402.265, sygnatura czasowa: 0x502bf384  Nazwa modułu powodującego błąd:
 unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x032439c0  Identyfikator procesu powodującego błąd: 0xbf4  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cd9a63dfc1bd87  Ścieżka aplikacji powodującej błąd:
 C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe  Ścieżka modułu
 powodującego błąd: unknown  Identyfikator raportu: 95b1b98c-0657-11e2-add0-001636e517b0
 
[ Media Center Events ]
Error - 2012-08-22 02:49:57 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 08:49:55 - Błąd podczas nawiązywania połączenia z Internetem.  08:49:57
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-08-22 02:50:11 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 08:50:04 - Błąd podczas nawiązywania połączenia z Internetem.  08:50:04
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-08-22 03:55:16 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 09:55:16 - Błąd podczas nawiązywania połączenia z Internetem.  09:55:16
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-08-22 03:55:43 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 09:55:22 - Błąd podczas nawiązywania połączenia z Internetem.  09:55:22
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-08-22 04:56:02 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 10:56:02 - Błąd podczas nawiązywania połączenia z Internetem.  10:56:02
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-08-22 04:56:15 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 10:56:09 - Błąd podczas nawiązywania połączenia z Internetem.  10:56:09
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-08-22 05:56:58 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 11:56:58 - Błąd podczas nawiązywania połączenia z Internetem.  11:56:58
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-08-22 05:57:06 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 11:57:03 - Błąd podczas nawiązywania połączenia z Internetem.  11:57:03
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-09-17 02:05:40 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 08:05:39 - Błąd podczas nawiązywania połączenia z Internetem.  08:05:39
 -     Nie można skontaktować się z serwerem.. 
 
Error - 2012-09-17 04:20:24 | Computer Name = 1-Komputer | Source = MCUpdate | ID = 0
Description = 10:20:23 - Błąd podczas nawiązywania połączenia z Internetem.  10:20:23
 -     Nie można skontaktować się z serwerem.. 
 
[ System Events ]
Error - 2013-04-22 07:31:40 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu
 Windows, której nie można uruchomić z powodu następującego błędu:   %%1058
 
Error - 2013-04-22 07:31:49 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego:   sptd
 
Error - 2013-04-22 09:39:42 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu
 Windows, której nie można uruchomić z powodu następującego błędu:   %%1058
 
Error - 2013-04-22 09:39:51 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego:   sptd
 
Error - 2013-04-22 11:08:23 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi avgwd.
 
Error - 2013-04-22 11:08:59 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi avgwd.
 
Error - 2013-04-22 13:11:59 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu
 Windows, której nie można uruchomić z powodu następującego błędu:   %%1058
 
Error - 2013-04-22 13:34:55 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Advanced SystemCare Service 6 niespodziewanie zakończyła pracę.
 Wystąpiło to razy: 1.
 
Error - 2013-04-22 13:35:37 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
 następujący błąd:   %%5.
 
Error - 2013-04-22 13:36:24 | Computer Name = 1-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu
 Windows, której nie można uruchomić z powodu następującego błędu:   %%1058
 
 
< End of report >

Re: Virus sending messages on Facebook and Skype

22 Apr 2013, 20:48

The GMER log is missing -> otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.html#p88736, please add it.

Also, paste logs at http://www.wklej.eu/ and give only the link in your post.

Re: Virus sending messages on Facebook and Skype

23 Apr 2013, 07:56

http://www.wklej.eu/index.php?id=c35948b2dc&view=nl
Here is the GMER log.

Re: Virus sending messages on Facebook and Skype

23 Apr 2013, 14:16

1. Uninstall: SweetIM for Messenger 3.7, Internet Explorer Toolbar 4.6 by SweetPacks, Bonjour, Ask Toolbar, BabylonObjectInstaller, Yontoo 1.10.02, Ad-Aware SE Personal (ancient), AVG Security Toolbar, McAfee Security Scan Plus, Ask Toolbar Updater
2. Run AdwCleaner -> http://forum.instalki.pl/otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p139531 using the Usuń (Delete) option and post the log it creates.
3. Run OTL -> in the Własne opcje skanowania/skrypt (custom scan options/script) box paste:
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\mseow.sys -- (mseow)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\gmzioaj.sys -- (gmzioaj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys -- (FairplayKD)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD2500BEVT-24A23T0_WD-WXE1A50E8975E8975&ts=1350915088
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=a1b48d25-41a6-4a81-83f7-041d3035388d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={70B915DA-9864-441E-BADD-4054F6A5AE3C}&mid=c129b2926a484ecf849f2a0a57be5a4a-737d6be3d3d76da21980eded92fe6334dfb0c32a&lang=pl&ds=is015&pr=sa&d=2012-09-28 20:55:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={932E8245-EF97-11E1-B341-001636E517B0}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.14.100013
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_US&apn_uid=09DD9307-79BE-4CCD-BE0D-D1F909FCEC43&apn_ptnrs=^U3&apn_sauid=A3031538-0F14-41C7-B751-AA56DE6FB939&apn_dtid=^YYYYYY^YY^PL&&q="
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2012-08-26 18:04:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2013-02-03 10:01:47 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\5zueojl7.default\extensions\[email protected]
[2013-03-17 22:21:42 | 000,002,575 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\askcom.xml
[2012-08-26 18:03:40 | 000,003,915 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\sweetim.xml
[2012-09-07 15:02:42 | 000,002,469 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\5zueojl7.default\searchplugins\Web Search.xml
[2013-02-18 20:45:31 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-08-11 14:04:57 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-10-22 16:11:30 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: AVG Security Toolbar = C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Ceujmgywnzatxwwn.exe] C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe ()
O4 - HKCU..\Run: [bfcadfccsacfsfdsf] C:\ProgramData\bfcadfccsacfsfdsf.exe (ICQ, LLC.)
[2013-04-22 20:03:41 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-22 20:03:39 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-22 19:29:48 | 000,103,424 | ---- | M] () -- C:\Users\1\AppData\Roaming\42CE.exe
[2013-04-22 19:26:24 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Vattlndlblsewagb.exe
[2013-04-22 19:24:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isjwlfosmicqgbrq.exe
[2013-04-22 19:09:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Wpdehzkkewqgochs.exe
[2013-04-22 17:23:54 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Knaimcwyyxunfcfk.exe
[2013-04-22 16:38:18 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isynqidzpmpkcskv.exe

:Commands
[clearallrestorepoints]
[emptytemp]

Click Wykonaj skrypt (Run script). Post the removal log + new OTL logs.

Follow the order I gave.
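
The pattern visible in the fix script above (same-size, hidden executables with an empty company field sitting directly in AppData\Roaming or ProgramData and started from Run keys) can be checked mechanically. This is an added example, not part of the thread or of OTL; the function names, reason labels and choice of directories are assumptions, and the sample lines are copied from the script above.

```python
import re
from collections import defaultdict

# Sample lines copied from the OTL fix script quoted in the thread above.
SAMPLE = r"""
O4 - HKCU..\Run: [Ceujmgywnzatxwwn.exe] C:\Users\1\AppData\Roaming\Ceujmgywnzatxwwn.exe ()
O4 - HKCU..\Run: [bfcadfccsacfsfdsf] C:\ProgramData\bfcadfccsacfsfdsf.exe (ICQ, LLC.)
[2013-04-22 20:03:41 | 000,182,784 | ---- | M] (ICQ, LLC.) -- C:\ProgramData\bfcadfccsacfsfdsf.exe
[2013-04-22 19:29:48 | 000,103,424 | ---- | M] () -- C:\Users\1\AppData\Roaming\42CE.exe
[2013-04-22 19:26:24 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Vattlndlblsewagb.exe
[2013-04-22 19:24:00 | 000,103,424 | RH-- | M] () -- C:\Users\1\AppData\Roaming\Isjwlfosmicqgbrq.exe
[2012-10-22 16:11:30 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
"""

# "[date time | size | attributes | M] (company) -- path" file-listing lines.
FILE_RE = re.compile(r"^\[[\d\- :]+ \| (?P<size>[\d,]+) \| (?P<attr>[A-Z\-]{4}) \| [MC]\] "
                     r"\((?P<company>.*?)\) -- (?P<path>.+)$")
# "O4 - HKxx..\Run: [value name] path" autostart lines.
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[.*?\] (?P<path>.+?\.exe)", re.I)

def data_root(path):
    """Parent directory if the file sits directly in a user-writable data root, else None."""
    parent = path.rsplit("\\", 1)[0].lower()
    # Assumption: these two roots are the ones worth flagging; extend as needed.
    return parent if parent.endswith(("\\appdata\\roaming", ":\\programdata")) else None

def triage(text):
    """Map each suspicious executable path to the list of reasons it was flagged."""
    files, autoruns = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := RUN_RE.match(line):
            autoruns[m["path"].lower()] = m["path"]
        elif m := FILE_RE.match(line):
            files[m["path"].lower()] = m.groupdict()  # de-duplicates repeated listings

    clusters = defaultdict(list)  # (directory, size) -> executables found there
    for f in files.values():
        root = data_root(f["path"])
        if root and f["path"].lower().endswith(".exe"):
            clusters[(root, f["size"])].append(f)

    findings = {}
    for group in clusters.values():
        for f in group:
            reasons = ["exe-in-data-root"]
            if "H" in f["attr"]:
                reasons.append("hidden")
            if not f["company"]:
                reasons.append("no-company")
            if f["path"].lower() in autoruns:
                reasons.append("autorun")
            if len(group) > 1:
                reasons.append("size-cluster")
            findings[f["path"]] = reasons
    # Run entries whose target has no file listing in the input still count.
    for key, path in autoruns.items():
        if key not in files and data_root(path):
            findings[path] = ["exe-in-data-root", "autorun"]
    return findings
```

Calling `triage()` on a full OTL log returns only the executables in those two directories, so the remaining entries can be reviewed by hand.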

Re: Virus sending messages on Facebook and Skype

23 Apr 2013, 15:21

Here is the removal log:
http://www.wklej.eu/index.php?id=d9b2eefb52
OTL log:
http://www.wklej.eu/index.php?id=97c217306f

Re: Virus sending messages on Facebook and Skype

23 Apr 2013, 15:59

OK, now the new OTL logs as well.

Re: Virus sending messages on Facebook and Skype

23 Apr 2013, 16:34

I ran it again and there was nothing more...

Re: Virus sending messages on Facebook and Skype

23 Apr 2013, 16:35

I ran it again and there was nothing more...
besides, that "application" isn't sending messages for me anymore ;)

Re: Virus sending messages on Facebook and Skype

23 Apr 2013, 19:19

Just generate the logs with the Skanuj (Scan) option, as you did at the start.