UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 OPR/39.0.2256.71
UA: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Startup: C:\Users\Druss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d7174b.lnk [2016-08-30]
ShortcutTarget: d7174b.lnk C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Druss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb517.lnk [2016-09-22]
ShortcutTarget: fdb517.lnk C:\Windows\System32\mshta.exe (Microsoft Corporation)
Shortcut: C:\Users\Druss\AppData\Local\af175b\aeeed0.lnk C:\Users\Druss\AppData\Local\af175b\f97d51.bat ()
C:\Users\Druss\AppData\Local\af175b\f97d51.bat
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
HKLM-x32\...\RunOnce: [DelLiveinst] => cmd.exe /c del /f /s /q /a "C:\MSI\LiveUpdate\DL_FILE\Live_Update_6_6.1.021\Liveinst.exe"
HKU\S-1-5-21-545208581-4026403909-1888401867-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKU\S-1-5-21-545208581-4026403909-1888401867-1000\...\Run: [**ottghb<*>] => "C:\Windows\system32\mshta.exe" javascript:MHhr0zmT="c7cwi";dJ7=new%20ActiveXObject("WScript.Shell");X0IAtp="5XyzQ";Ny66ql=dJ7.RegRead("HKCU\\software\\vwiqzajzvw\\tgjoqptttg");QZ5Cjn0="Mblkd";eval(Ny (the data entry has 23 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-545208581-4026403909-1888401867-1000\...\Run: [**lxoryrm<*>] => "C:\Users\Druss\AppData\Local\af175b\aeeed0.lnk" <===== ATTENTION (Value Name with invalid characters)
BHO-x32: Adobe PDF Link Helper {18DF081C-E8AD-4283-A596-FA578C2EBDC3} C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.istartpageing.com/?type=sc&ts=1451824932&z=a1be006e498563d8d2210bbgezdw3geb5o7z7t9c5o&from=cmi&uid=ST31000528AS_9VP8WG28XXXX9VP8WG28
S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 NTIOLib_1_0_9; \??\C:\Users\Druss\Desktop\1.0.3\NTIOLib_X64.sys [X]
R3 NTIOLib_MSISMB_CC; \??\C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
U3 kgloapoc; \??\C:\Users\Druss\AppData\Local\Temp\kgloapoc.sys [X]
FF DefaultSearchEngine: istartpageing
EmptyTemp:
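The indicators in the log above (Startup .lnk files whose targets are cmd.exe and mshta.exe, two Run values whose names contain invalid characters, the mshta.exe javascript: payload that RegReads its next stage out of HKCU\software\vwiqzajzvw, the .lnk/.bat pair under AppData\Local\af175b and a driver loaded from Temp) can be pulled out of an FRST log mechanically. The script below is an added example written for this page; it is not FRST's own code and was not posted in the thread. The line regexes are assumptions fitted to the FRST line shapes shown here, and the sample input is copied from the excerpts above, with two legitimate entries (ISUSScheduler, ShadowPlay) kept in to show they do not fire.

```python
"""Triage FRST log lines for the persistence chain seen in this thread.

Added example, not part of FRST. Regexes are fitted to the line shapes in
the thread and are an assumption for any FRST line format not shown there.
"""
import re
from dataclasses import dataclass

# Signed Windows binaries that are fine on disk but suspicious as the target
# of a Startup shortcut: the .lnk is the artifact, not the binary.
LOLBINS = {"cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe",
           "powershell.exe", "rundll32.exe", "regsvr32.exe"}
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".jse", ".hta", ".ps1", ".lnk")

RE_SHORTCUT_TARGET = re.compile(r"^ShortcutTarget: (\S+\.lnk) (.+) \(([^()]*)\)$")
RE_SHORTCUT = re.compile(r"^Shortcut: (\S+\.lnk) (.+) \(([^()]*)\)$")
RE_RUN = re.compile(r"^(HK\w+(?:-x32)?(?:\\S-[\d-]+)?)\\\.\.\.\\(Run\w*): \[(.*?)\] => (.*)$")
RE_DRIVER = re.compile(r"^([RSU]\d) ([^;]+); (.+?)(?: \[X\])?$")
RE_BROWSER = re.compile(r"^StartMenuInternet: .* (hxxps?://\S+)$")


@dataclass
class Finding:
    line: str
    reasons: list


def _basename(path):
    return path.strip().strip('"').replace("/", "\\").split("\\")[-1].lower()


def _under_user_profile(path):
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p


def _run_value_reasons(name, value):
    reasons = []
    if "**" in name or "<*>" in name:
        # FRST prints ** / <*> for characters that are invalid in a value name;
        # regedit cannot display or delete such values normally.
        reasons.append("value name contains invalid characters (FRST ** / <*> marker)")
    # Drop FRST's trailing "<===== ATTENTION ..." annotation before inspecting the data.
    v = value.split(" <=====")[0].strip().lower()
    if "mshta" in v and "javascript:" in v:
        reasons.append("mshta.exe started with an inline javascript: payload")
    if "regread(" in v:
        reasons.append("payload loads its next stage from a registry value (fileless)")
    if v.strip('"').endswith(SCRIPT_EXT) and _under_user_profile(v):
        reasons.append("Run value launches a script/shortcut from a user-profile directory")
    return reasons


def triage(lines):
    """Return one Finding per line that matches an indicator; clean lines are skipped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if (m := RE_SHORTCUT_TARGET.match(line)):
            lnk, target, _signer = m.groups()
            if _basename(target) in LOLBINS:
                reasons.append(f"Startup shortcut {lnk} launches {_basename(target)}; "
                               "remove the .lnk, the target is a Windows binary")
        elif (m := RE_SHORTCUT.match(line)):
            lnk, target, _signer = m.groups()
            if target.lower().endswith(SCRIPT_EXT) and _under_user_profile(target):
                reasons.append(f"shortcut {_basename(lnk)} runs {_basename(target)} "
                               "from a user-profile directory")
        elif (m := RE_RUN.match(line)):
            _hive, _key, name, value = m.groups()
            reasons = _run_value_reasons(name, value)
        elif (m := RE_DRIVER.match(line)):
            _state, name, image = m.groups()
            if "\\temp\\" in image.lower():
                reasons.append(f"driver {name} loads its image from a Temp directory")
        elif (m := RE_BROWSER.match(line)):
            reasons.append(f"browser shortcut carries a URL argument ({m.group(1).split('/?')[0]})")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Sample input: lines copied from the FRST excerpts in this thread, plus the
# legitimate ISUSScheduler and ShadowPlay entries, which must not be flagged.
SAMPLE = r"""
Startup: C:\Users\Druss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d7174b.lnk [2016-08-30]
ShortcutTarget: d7174b.lnk C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Druss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb517.lnk [2016-09-22]
ShortcutTarget: fdb517.lnk C:\Windows\System32\mshta.exe (Microsoft Corporation)
Shortcut: C:\Users\Druss\AppData\Local\af175b\aeeed0.lnk C:\Users\Druss\AppData\Local\af175b\f97d51.bat ()
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
HKLM-x32\...\RunOnce: [DelLiveinst] => cmd.exe /c del /f /s /q /a "C:\MSI\LiveUpdate\DL_FILE\Live_Update_6_6.1.021\Liveinst.exe"
HKU\S-1-5-21-545208581-4026403909-1888401867-1000\...\Run: [**ottghb<*>] => "C:\Windows\system32\mshta.exe" javascript:MHhr0zmT="c7cwi";dJ7=new%20ActiveXObject("WScript.Shell");X0IAtp="5XyzQ";Ny66ql=dJ7.RegRead("HKCU\\software\\vwiqzajzvw\\tgjoqptttg");QZ5Cjn0="Mblkd";eval(Ny (the data entry has 23 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-545208581-4026403909-1888401867-1000\...\Run: [**lxoryrm<*>] => "C:\Users\Druss\AppData\Local\af175b\aeeed0.lnk" <===== ATTENTION (Value Name with invalid characters)
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.istartpageing.com/?type=sc&ts=1451824932&z=a1be006e498563d8d2210bbgezdw3geb5o7z7t9c5o&from=cmi&uid=ST31000528AS_9VP8WG28XXXX9VP8WG28
U3 kgloapoc; \??\C:\Users\Druss\AppData\Local\Temp\kgloapoc.sys [X]
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.line[:90])
        for r in f.reasons:
            print("    -", r)
```

The ShortcutTarget finding deliberately names the .lnk as the thing to remove: later in this thread the fix script has to RestoreQuarantine C:\Windows\System32\cmd.exe and mshta.exe, which is what happens when the signed target binary is quarantined instead of the shortcut that points at it.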
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
UA: Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0 SeaMonkey/2.40
It shows up after every power-on/restart of the computer.
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
EmptyTemp:
UA: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Startup: C:\Users\Druss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d7174b.lnk [2016-08-30]
ShortcutTarget: d7174b.lnk C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Druss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb517.lnk [2016-09-22]
ShortcutTarget: fdb517.lnk C:\Windows\System32\mshta.exe (Microsoft Corporation)
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
UA: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
RestoreQuarantine: C:\FRST\Quarantine\C:\Windows\System32\cmd.exe
RestoreQuarantine: C:\FRST\Quarantine\C:\Windows\System32\mshta.exe
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0