
Computer reset

Sounes

Hello, today I noticed that my computer started running slowly. So I decided to remove the viruses that might be the cause. And this is where my problem appears. I could not scan my computer, because while ComboFix was starting up the computer rebooted by itself. This was not a coincidence; the same thing happened on other attempts. I will add that Ping.exe is visible in Task Manager. Maybe Ping.exe is the cause. So I decided to read up a bit on this application, but when I typed its name into the browser the computer rebooted as well. The same thing happened while downloading a scanner or an AV. Please help.

Natsuki Kuga
ComboFix is a tool that interferes deeply with the system, not an antivirus program to be used "just like that". In the future, do not use it without supervision by someone who has the appropriate knowledge of the system.

To start with, show the contents of the ComboFix.txt file, if one was created (look on the system partition). If it is not there, do not run the scanner again. Also post a set of logs from OTL and Gmer (you will find the instructions in the pinned threads).
Sounes

Here are the results of the OTL scan.

OTL.exe:

OTL logfile created on: 2013-01-30 10:49:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sounes\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,86% Memory free
8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 205,07 Gb Total Space | 1,19 Gb Free Space | 0,58% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 30,58 Gb Free Space | 20,87% Space Free | Partition Type: NTFS
Drive E: | 114,20 Gb Total Space | 85,48 Gb Free Space | 74,86% Space Free | Partition Type: NTFS
 
Computer Name: SOUNES-PC | User Name: Sounes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-01-30 10:42:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sounes\Desktop\OTL.exe
PRC - [2013-01-20 23:00:14 | 001,277,667 | ---- | M] () -- C:\Users\Sounes\AppData\Roaming\nservice32.exe
PRC - [2013-01-19 09:42:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-01-09 16:07:33 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-12-15 10:39:52 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-12-13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-10-31 07:36:08 | 000,522,752 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012-10-04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-08-15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2010-10-19 12:50:34 | 000,042,667 | ---- | M] () -- C:\Users\Sounes\AppData\Local\winlogon.exe
PRC - [2010-10-19 12:50:34 | 000,042,667 | ---- | M] () -- C:\Users\Sounes\AppData\Local\services.exe
PRC - [2010-10-19 12:50:34 | 000,042,667 | ---- | M] () -- C:\Users\Sounes\AppData\Local\lsass.exe
PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-07-14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-01-20 23:00:14 | 001,277,667 | ---- | M] () -- C:\Users\Sounes\AppData\Roaming\nservice32.exe
MOD - [2013-01-19 09:42:57 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-01-11 20:06:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013-01-11 15:57:37 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013-01-11 15:57:14 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013-01-11 15:57:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013-01-11 15:56:55 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013-01-11 15:56:53 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013-01-11 15:56:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013-01-11 15:56:38 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013-01-11 15:56:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013-01-11 15:56:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013-01-11 15:56:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013-01-09 16:07:32 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012-10-31 07:35:36 | 000,311,808 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2010-11-13 03:37:37 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-10-19 12:50:34 | 000,042,667 | ---- | M] () -- C:\Users\Sounes\AppData\Local\winlogon.exe
MOD - [2010-10-19 12:50:34 | 000,042,667 | ---- | M] () -- C:\Users\Sounes\AppData\Local\services.exe
MOD - [2010-10-19 12:50:34 | 000,042,667 | ---- | M] () -- C:\Users\Sounes\AppData\Local\lsass.exe
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-01-19 21:55:21 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-19 09:42:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-09 16:07:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-12-15 10:39:52 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-12-13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft office 2007\Microsoft Office 2007\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013-01-09 15:06:20 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:[b]64bit:[/b] - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010-01-29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=cab2b824-47a2-11e2-916f-001a4d549e74
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{EF1BC6EC-5312-474F-9AFB-7EA366353470}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=cab2b824-47a2-11e2-916f-001a4d549e74
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB A3 84 59 A3 90 CD 01  [binary data]
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=cab2b824-47a2-11e2-916f-001a4d549e74&q={searchTerms}
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\SearchScopes\{7A26DB19-9E2E-40DE-AEED-05A30F2776E7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\SearchScopes\{EF1BC6EC-5312-474F-9AFB-7EA366353470}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.14.40.128
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-19 09:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-19 09:42:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-09-12 06:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sounes\AppData\Roaming\mozilla\Extensions
[2013-01-17 16:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sounes\AppData\Roaming\mozilla\Firefox\Profiles\5rvaxrfu.default\extensions
[2013-01-17 16:47:58 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Sounes\AppData\Roaming\mozilla\Firefox\Profiles\5rvaxrfu.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012-12-16 18:05:55 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Sounes\AppData\Roaming\mozilla\Firefox\Profiles\5rvaxrfu.default\extensions\50ce036f4b6d0@50ce036f4b708.com
[2012-12-16 18:05:39 | 000,002,090 | ---- | M] () -- C:\Users\Sounes\AppData\Roaming\mozilla\firefox\profiles\5rvaxrfu.default\searchplugins\Searchab.xml
[2013-01-19 09:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-01-19 09:42:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-01-19 09:42:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-09-06 03:57:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-09-06 03:57:10 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-09-06 03:57:10 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-09-06 03:57:10 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-09-06 03:57:10 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-09-06 03:57:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2012-09-14 16:57:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft office 2007\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [GrooveMonitor] E:\Microsoft office 2007\Microsoft Office 2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001..\Run: [nservice32] C:\Users\Sounes\AppData\Roaming\nservice32.exe ()
O4 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001..\Run: [Tok-Cirrhatus] C:\Users\Sounes\AppData\Local\smss.exe ()
O4 - Startup: C:\Users\Sounes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Microsoft office 2007\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Microsoft office 2007\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft office 2007\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft office 2007\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft office 2007\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F92EEAEC-7D46-45A1-A3EC-43C729DD819B}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft office 2007\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft office 2007\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-10 21:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-01-30 10:42:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sounes\Desktop\OTL.exe
[2013-01-30 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Local\Bron.tok-12-30
[2013-01-29 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Local\Bron.tok-12-29
[2013-01-28 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Local\Bron.tok-12-28
[2013-01-27 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Local\Bron.tok-12-27
[2013-01-26 18:57:56 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013-01-26 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Local\Loc.Mail.Bron.Tok
[2013-01-26 11:43:45 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Local\Ok-SendMail-Bron-tok
[2013-01-26 11:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Local\Bron.tok-12-26
[2013-01-24 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Roaming\NVIDIA
[2013-01-24 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Roaming\Tibia
[2013-01-24 19:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
[2013-01-24 19:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia
[2013-01-19 22:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPlus Applications
[2013-01-19 21:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013-01-19 21:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013-01-19 09:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-01-11 20:26:10 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013-01-10 16:02:55 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013-01-10 16:02:55 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013-01-10 16:02:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013-01-10 16:02:44 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013-01-10 16:02:41 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013-01-10 16:02:41 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013-01-10 16:02:41 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013-01-10 16:02:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013-01-10 16:02:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013-01-10 16:02:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013-01-10 16:02:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013-01-10 16:02:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013-01-10 16:02:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013-01-10 16:02:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013-01-10 16:02:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013-01-10 16:02:41 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013-01-10 16:02:41 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013-01-10 16:02:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013-01-10 16:02:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013-01-10 16:02:41 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013-01-10 16:02:41 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013-01-10 16:02:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013-01-10 16:02:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013-01-10 16:02:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013-01-10 16:02:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013-01-10 16:02:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013-01-10 16:02:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013-01-10 16:02:40 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013-01-10 16:02:40 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013-01-10 16:02:40 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013-01-10 16:02:40 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013-01-10 16:02:40 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013-01-10 16:02:40 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013-01-10 16:02:40 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013-01-10 16:02:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013-01-10 16:02:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013-01-10 16:02:10 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-01-10 16:02:10 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-01-10 16:02:09 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-01-10 16:02:09 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-01-10 16:02:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-01-10 16:02:09 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-01-10 16:02:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-01-10 16:02:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-01-10 16:02:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-01-10 16:02:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-01-10 16:02:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-01-10 16:02:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-01-10 16:02:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-01-10 16:02:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-01-10 16:02:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-01-10 16:02:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-01-10 16:02:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-01-10 16:01:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013-01-09 21:26:11 | 000,000,000 | ---D | C] -- C:\Users\Sounes\Desktop\Motywacja
[2013-01-09 15:14:20 | 000,000,000 | ---D | C] -- C:\Users\Sounes\Documents\Alcohol 120%
[2013-01-09 15:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2013-01-09 15:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2013-01-09 15:06:20 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013-01-09 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2013-01-09 15:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2013-01-02 16:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWood
[2013-01-02 16:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWood
[2013-01-02 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Roaming\InstallShield
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-01-30 10:47:44 | 000,012,393 | ---- | M] () -- C:\Users\Sounes\AppData\Local\Update.12.Bron.Tok.bin
[2013-01-30 10:47:13 | 001,662,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-30 10:47:13 | 000,737,714 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-01-30 10:47:13 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-30 10:47:13 | 000,154,402 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-01-30 10:47:13 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-30 10:42:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sounes\Desktop\OTL.exe
[2013-01-30 10:26:05 | 000,012,393 | ---- | M] () -- C:\Users\Sounes\AppData\Local\Bron.tok.A12.em.bin
[2013-01-30 10:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-01-30 10:14:38 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-30 01:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-01-27 13:14:45 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-27 13:14:45 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-26 20:10:43 | 000,001,021 | ---- | M] () -- C:\Users\Sounes\Desktop\Tibia MC Inject — skrót.lnk
[2013-01-26 19:33:00 | 000,001,370 | ---- | M] () -- C:\Users\Sounes\Desktop\Tibia — skrót.lnk
[2013-01-20 23:00:14 | 001,277,667 | ---- | M] () -- C:\Users\Sounes\AppData\Roaming\nservice32.exe
[2013-01-19 21:47:04 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013-01-14 20:06:20 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-01-14 20:06:20 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-01-13 18:18:12 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-01-11 15:55:24 | 000,420,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-01-10 23:56:54 | 001,645,982 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-01-09 16:07:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-01-09 16:07:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-01-09 15:16:18 | 000,000,124 | ---- | M] () -- C:\Users\Sounes\Documents\ax_files.xml
[2013-01-09 15:11:29 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2013-01-09 15:06:20 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013-01-02 17:01:26 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Gothic II Złota Edycja.lnk
[2013-01-01 17:42:35 | 000,914,548 | R--- | M] () -- C:\Users\Sounes\Desktop\2012-12-31 22.49.22.jpg
[2013-01-01 17:32:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-01-30 10:47:44 | 000,012,393 | ---- | C] () -- C:\Users\Sounes\AppData\Local\Update.12.Bron.Tok.bin
[2013-01-30 10:26:05 | 000,012,393 | ---- | C] () -- C:\Users\Sounes\AppData\Local\Bron.tok.A12.em.bin
[2013-01-26 20:10:43 | 000,001,021 | ---- | C] () -- C:\Users\Sounes\Desktop\Tibia MC Inject — skrót.lnk
[2013-01-26 19:33:00 | 000,001,370 | ---- | C] () -- C:\Users\Sounes\Desktop\Tibia — skrót.lnk
[2013-01-26 14:59:16 | 001,277,667 | ---- | C] () -- C:\Users\Sounes\AppData\Roaming\nservice32.exe
[2013-01-19 21:47:04 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013-01-09 15:16:18 | 000,000,124 | ---- | C] () -- C:\Users\Sounes\Documents\ax_files.xml
[2013-01-09 15:11:29 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2013-01-02 17:01:26 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Gothic II Złota Edycja.lnk
[2013-01-01 17:42:35 | 000,914,548 | R--- | C] () -- C:\Users\Sounes\Desktop\2012-12-31 22.49.22.jpg
[2013-01-01 17:32:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012-12-08 15:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-11-09 19:45:38 | 001,645,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-11-05 16:24:44 | 000,000,061 | ---- | C] () -- C:\Users\Sounes\64.7.194.236
[2012-10-06 15:07:32 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-10-06 15:07:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-09-14 16:49:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-09-14 16:49:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-09-14 16:49:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-09-14 16:49:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-09-14 16:49:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011-04-03 15:18:37 | 000,042,667 | -H-- | C] () -- C:\Windows\eksplorasi.exe
[2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\winlogon.exe
[2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\smss.exe
[2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\services.exe
[2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\lsass.exe
[2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\inetinfo.exe
[2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\csrss.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012-10-26 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Gadu-Gadu 10
[2012-09-12 19:34:50 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\LolClient
[2012-09-17 15:25:49 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\OpenFM
[2012-10-06 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\PunkBuster
[2012-09-18 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\SFBot
[2013-01-26 15:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Tibia
[2013-01-28 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\TS3Client
[2012-12-08 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Tunngle
[2012-10-06 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Ubisoft
[2013-01-19 17:55:13 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\uTorrent
 
[color=#E56717]========== Purity Check ==========[/color]
 

Extras.exe

 

OTL Extras logfile created on: 2013-01-30 10:49:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sounes\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,86% Memory free
8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 205,07 Gb Total Space | 1,19 Gb Free Space | 0,58% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 30,58 Gb Free Space | 20,87% Space Free | Partition Type: NTFS
Drive E: | 114,20 Gb Total Space | 85,48 Gb Free Space | 74,86% Space Free | Partition Type: NTFS
 
Computer Name: SOUNES-PC | User Name: Sounes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1763272853-2006324963-2204168778-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\MICROS~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\MICROS~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FFEEB3E-C7D3-42DB-8EFC-58A926667558}" = lport=6004 | protocol=17 | dir=in | app=e:\microsoft office 2007\microsoft office 2007\office12\outlook.exe |
"{15B5B4C4-7127-4324-A14E-A3B30886360D}" = lport=137 | protocol=17 | dir=in | app=system |
"{22C1EC90-A8F4-4FFB-8FD9-74239DF14AD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{241A11CF-5BC5-403D-B438-1EEE2F8CDD6A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{365DC63D-CA5F-40A2-A72D-1F6AB7FCC5EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3902EEC2-06C5-4F96-8417-EC486C51FC0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D84743B-F3DB-41F4-AA51-15FF350C2820}" = lport=139 | protocol=6 | dir=in | app=system |
"{53124869-190D-4FE4-9526-20EA556AA91B}" = rport=137 | protocol=17 | dir=out | app=system |
"{669AE5FA-E7DE-49D5-BC42-24CD821CC147}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EA55A36-01A7-4756-A9E9-B94841BD00BB}" = lport=445 | protocol=6 | dir=in | app=system |
"{7101BB90-D5AA-4457-AF5E-16992E3A38E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A11A2EE-C63A-4EEB-A1B7-F33D24FF0D14}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C4F47DA-7989-4D6D-A198-28E24D827436}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88F61926-1426-4F24-B32B-61AB1215546A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A50D132-36A1-45BD-B779-056582014AD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E642420-DC93-447F-A4B5-969B596C30C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{92BDC76B-076A-4893-9051-F727F5A8D049}" = rport=139 | protocol=6 | dir=out | app=system |
"{9DAE40EC-B7AA-4161-B7A9-B73368FA3233}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B8039ADD-6B50-4565-ACDC-FA6EB70C9407}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C767FDDD-4CBF-4473-804A-9106E2ED805E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C78800FF-932A-4EB7-A965-461C3B592D29}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9D73C41-8F3F-4138-BE14-B36A2481B566}" = lport=138 | protocol=17 | dir=in | app=system |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0213F2EE-5DE7-469E-9770-D7639010846F}" = protocol=17 | dir=in | app=e:\gry\far cry 3\bin\fc3updater.exe |
"{057C6991-27AF-4EBD-9ED3-756941E57FE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AA8C41F-CAE0-41B9-AC2C-EFE3AF5444AF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F618CF5-F549-455B-B6B1-BB80D1A04774}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{11CF79EC-089C-457E-9B83-AA9511B4EA87}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{209561C1-5104-4D2F-8D44-110D00282E15}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{254D9953-D881-4DA2-A04F-DCC7F29C1D9D}" = protocol=17 | dir=in | app=d:\gry'\sniperelitev2\bin\sniperelitev2.exe |
"{28A31F43-D378-44C2-B2EC-DEBF1E28B7E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BABEDC9-DD94-4FDB-8C78-4AEF159ACECE}" = protocol=17 | dir=in | app=d:\gry'\assasins creed 3\assassinscreed3.exe |
"{370C6BC5-8ED7-41A4-BA6B-9D6924A93054}" = protocol=6 | dir=in | app=f:\fscommand\cksocketserver.exe |
"{3832436C-72A2-4DD6-99C3-C7E6E8295391}" = protocol=17 | dir=in | app=f:\fscommand\cksocketserver.exe |
"{3A8BF124-4280-4615-8193-20A73D68078D}" = protocol=6 | dir=in | app=e:\gry\far cry 3\bin\fc3updater.exe |
"{3AB6B331-2968-4150-8514-DFD2E3B3762C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{3F0B4D83-3BBA-4962-A3C4-114AC6DFE3AC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3F679B3A-6D77-40DB-B14E-5B62A9C93EAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4214A14D-0E28-4368-8726-D4218DFD451F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43A06555-680E-438C-AEA5-95C41422197B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4735518A-3571-44B3-8A30-31E6BA3DC406}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4A4BFC36-B52C-4DEE-B641-59ED018A8994}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56CA797D-7263-4772-92E1-3B52D77D2C1D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{574D9138-DC37-4A41-8BE1-1A4FC4269B24}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5B3A59FF-A253-40CA-84F8-841DCA353017}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5F421726-9646-4AE5-B655-608EB3676788}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{61203D3D-01A0-4B3D-BBCD-E735D0A92A5A}" = protocol=17 | dir=in | app=e:\microsoft office 2007\microsoft office 2007\office12\groove.exe |
"{65E8F8A1-140A-477A-83F9-27B5E48CF8C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BDEEF86-B848-407D-964E-934E63F17753}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{6CBCA10C-A8E9-4F3D-A870-28A67629A266}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E876DBE-A6A0-4C0B-8E43-6A34F56AC3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{74A1CE77-3262-403C-B15F-89856425457F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7ABC38D6-2932-4717-8226-2DF59665ED17}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7F02619E-05D3-47FB-9800-50A941278F51}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7F06A09B-99F0-4386-A951-1F269564F1C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8011D1D7-B7D5-4649-B6E8-801C71CA30A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{80B16D4D-CDCE-4874-84CA-8DE74651CFA0}" = protocol=6 | dir=in | app=d:\gry'\assasins creed 3\ac3mp.exe |
"{811F89D7-395C-4B44-85B0-70429595C891}" = protocol=17 | dir=in | app=e:\gry\far cry 3\bin\farcry3.exe |
"{82606649-2C0B-4853-8810-1264F1D07F25}" = protocol=17 | dir=in | app=e:\gry\far cry 3\bin\fc3editor.exe |
"{834508E7-6699-4751-AEF4-822B8EFDB4C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{84127C84-1080-496D-B09C-B78CBD29174E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{8F9A55F7-35DD-4424-AF28-17D2FF5376FE}" = protocol=6 | dir=in | app=d:\gry'\assasins creed 3\ac3sp.exe |
"{95D5E277-D0E7-4D9D-9599-8E698376BC71}" = protocol=17 | dir=in | app=e:\gry\far cry 3\bin\farcry3_d3d11.exe |
"{99C5C815-CF8F-4C10-A8C9-160833579359}" = protocol=17 | dir=in | app=d:\gry'\assasins creed 3\ac3sp.exe |
"{9CE19E1E-A144-44D2-8868-44C9F2AAB954}" = protocol=6 | dir=in | app=e:\gry\far cry 3\bin\fc3editor.exe |
"{A040529C-AA81-4684-9F10-7B788C297C70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A297C542-45E3-46DA-860E-72565BCAD281}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A3C7B0A3-6A64-4267-ABFC-B699F3D0F9C3}" = protocol=17 | dir=in | app=e:\microsoft office 2007\microsoft office 2007\office12\onenote.exe |
"{A40CC069-F4C1-4733-A343-EC740CEBDCC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AD1CEF57-38E8-42F1-BE20-DE8C67770429}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B061F4F8-3DF0-4555-B9FB-DFCF4F98FA80}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B64F718D-4E0D-44C5-A140-AEA3F29D01B6}" = protocol=6 | dir=in | app=d:\gry'\assasins creed 3\assassinscreed3.exe |
"{B92F6672-9714-4358-8CA1-331348D297B0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{B942BFE1-54C2-49DB-AB80-96A7A3A7DAF7}" = protocol=6 | dir=in | app=d:\gry'\sniperelitev2\bin\sniperelitev2.exe |
"{BAC21538-72AD-49A3-A162-8256B2609852}" = protocol=6 | dir=in | app=e:\gry\far cry 3\bin\farcry3_d3d11.exe |
"{C5CD937A-BF49-4C6C-9B86-A06F013FA5A0}" = protocol=6 | dir=in | app=e:\microsoft office 2007\microsoft office 2007\office12\onenote.exe |
"{C5D737AA-52BD-42DA-ACC1-5367EAEC0E69}" = protocol=6 | dir=in | app=e:\gry\far cry 3\bin\farcry3.exe |
"{CE414FD7-0835-420A-A4A6-A074525C84D7}" = protocol=17 | dir=in | app=d:\gry'\assasins creed 3\ac3mp.exe |
"{D1613B3F-71FC-4178-A1CF-888A4109484A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{D46EC74B-456E-486D-B761-ABBACE61B311}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{D4C89F93-0CD0-4CCA-9C60-816B0D1D598E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE309BBD-D1D5-453D-B46A-215A34F547FA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DFA0D93F-025D-4267-ABFF-C08ED49A017F}" = protocol=6 | dir=out | app=system |
"{E1CDB0AF-A91D-41E7-A131-4EF6B1E7DDC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4B50666-19C6-477B-A30F-988CAC66B963}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{E57B2B72-E7F2-4E77-AD13-EEEF896C3549}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{ED5B20A7-46A3-4C6B-A59C-D61A007139E3}" = protocol=6 | dir=in | app=e:\microsoft office 2007\microsoft office 2007\office12\groove.exe |
"{F7B7E655-95CB-444B-91E2-BA04CC0F14B6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{F9DAECB9-10D8-486A-A01B-513EC30A940B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FDDEA832-E572-446A-9DF9-B4A73928F15B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{FE8B16CE-9B98-4989-A88F-D82F81216101}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3965C14A-B982-42F2-8047-2B706F04CA42}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{489FBB78-F1E9-4DB3-96A6-2B34CA1F2D04}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{54B2C4AC-E3AC-462D-BFB9-C1F764291499}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe |
"TCP Query User{971F735A-C98A-4828-B45E-66C198FAE0AD}D:\gry'\sniperelitev2\bin\sniperelitev2.exe" = protocol=6 | dir=in | app=d:\gry'\sniperelitev2\bin\sniperelitev2.exe |
"TCP Query User{A53F697F-14F5-4F9E-B6C2-4410E1EADD0F}D:\gry'\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\gry'\the witcher 2\bin\witcher2.exe |
"TCP Query User{AFCE8716-73E5-459A-9A15-E8B1845496E2}E:\medal of honor airborne\medal of honor - airborne .2007.pc-rip.game.skullptura\moh - airborne\unrealengine3\binaries\moha.exe" = protocol=6 | dir=in | app=e:\medal of honor airborne\medal of honor - airborne .2007.pc-rip.game.skullptura\moh - airborne\unrealengine3\binaries\moha.exe |
"TCP Query User{BA7B8FB1-E9C6-43AC-B633-B71620F2918D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{5D3ABE5D-2931-4DDF-A342-6F5EBC43B28A}E:\medal of honor airborne\medal of honor - airborne .2007.pc-rip.game.skullptura\moh - airborne\unrealengine3\binaries\moha.exe" = protocol=17 | dir=in | app=e:\medal of honor airborne\medal of honor - airborne .2007.pc-rip.game.skullptura\moh - airborne\unrealengine3\binaries\moha.exe |
"UDP Query User{706904D7-E630-4096-B118-E277665135A7}D:\gry'\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\gry'\the witcher 2\bin\witcher2.exe |
"UDP Query User{851AC92D-F388-4C52-B322-62FD44F35A3E}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe |
"UDP Query User{9F9B052E-E6AD-4C52-90D5-80BF473ABB2D}D:\gry'\sniperelitev2\bin\sniperelitev2.exe" = protocol=17 | dir=in | app=d:\gry'\sniperelitev2\bin\sniperelitev2.exe |
"UDP Query User{B98CBEE8-124D-4B29-A6A2-7C8E3CE687C0}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{BA8F4E3B-2319-4097-9C53-99A4D854BCF4}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{EAF1B27B-905B-4F84-ACE0-621C4CAA6B58}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A8DE631A-D028-4928-B7D3-8338D0D61FC8}" = portal_pl
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{B4FD3F41-E90C-4A3E-AADF-F2FB64CF2E42}" = Gothic II Złota Edycja
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diablo II + Diablo II - Lord of Destruction PL 1.12a" = Diablo II + Diablo II - Lord of Destruction PL 1.12a
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Gadu-Gadu 10" = Gadu-Gadu 10
"LOLReplay" = LOLReplay
"Mozilla Firefox 18.0.1 (x86 pl)" = Mozilla Firefox 18.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Sniper Elite V2_is1" = Sniper Elite V2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition wersja 3.0
"Tibia_is1" = Tibia
"UltraISO_is1" = UltraISO Premium V9.53
"Uplay" = Uplay
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2013-01-27 06:14:06 | Computer Name = Sounes-PC | Source = Software Protection Platform Service | ID = 8193
Description = Wystapil blad harmonogramu aktywacji licencji (sppuinotify.dll), kod
 bledu:   0x80070005
 
Error - 2013-01-27 07:14:06 | Computer Name = Sounes-PC | Source = Software Protection Platform Service | ID = 8193
Description = Wystapil blad harmonogramu aktywacji licencji (sppuinotify.dll), kod
 bledu:   0x80070005
 
Error - 2013-01-27 08:14:06 | Computer Name = Sounes-PC | Source = Software Protection Platform Service | ID = 8193
Description = Wystapil blad harmonogramu aktywacji licencji (sppuinotify.dll), kod
 bledu:   0x80070005
 
Error - 2013-01-27 14:47:35 | Computer Name = Sounes-PC | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodla sie. Blad 0x80070005.
 
Error - 2013-01-28 05:31:46 | Computer Name = Sounes-PC | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodla sie. Blad 0x80070005.
 
Error - 2013-01-28 14:41:23 | Computer Name = Sounes-PC | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodla sie. Blad 0x80070005.
 
Error - 2013-01-29 06:26:12 | Computer Name = Sounes-PC | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodla sie. Blad 0x80070005.
 
Error - 2013-01-29 11:06:51 | Computer Name = Sounes-PC | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodla sie. Blad 0x80070005.
 
Error - 2013-01-29 16:47:56 | Computer Name = Sounes-PC | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodla sie. Blad 0x80070005.
 
Error - 2013-01-30 05:14:50 | Computer Name = Sounes-PC | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodla sie. Blad 0x80070005.
 
[ System Events ]
Error - 2013-01-29 06:28:17 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7038
Description = Usluga nvUpdatusService nie moze zalogowac sie jako .\UpdatusUser
za pomoca obecnie skonfigurowanego hasla z powodu nastepujacego bledu:   %%1330    Aby
 upewnic sie, ze usluga jest skonfigurowana prawidlowo, uzyj przystawki Uslugi w
 programie Microsoft Management Console (MMC).
 
Error - 2013-01-29 06:28:17 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7000
Description = Nie mozna uruchomic uslugi NVIDIA Update Service Daemon z powodu nastepujacego
 bledu:   %%1069
 
Error - 2013-01-29 06:33:26 | Computer Name = Sounes-PC | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostalo przerwane, poniewaz nie
 mozna powiekszyc magazynu kopii w tle z powodu limitu wprowadzonego przez uzytkownika.
 
Error - 2013-01-29 11:08:56 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7038
Description = Usluga nvUpdatusService nie moze zalogowac sie jako .\UpdatusUser
za pomoca obecnie skonfigurowanego hasla z powodu nastepujacego bledu:   %%1330    Aby
 upewnic sie, ze usluga jest skonfigurowana prawidlowo, uzyj przystawki Uslugi w
 programie Microsoft Management Console (MMC).
 
Error - 2013-01-29 11:08:56 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7000
Description = Nie mozna uruchomic uslugi NVIDIA Update Service Daemon z powodu nastepujacego
 bledu:   %%1069
 
Error - 2013-01-29 16:50:01 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7038
Description = Usluga nvUpdatusService nie moze zalogowac sie jako .\UpdatusUser
za pomoca obecnie skonfigurowanego hasla z powodu nastepujacego bledu:   %%1330    Aby
 upewnic sie, ze usluga jest skonfigurowana prawidlowo, uzyj przystawki Uslugi w
 programie Microsoft Management Console (MMC).
 
Error - 2013-01-29 16:50:01 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7000
Description = Nie mozna uruchomic uslugi NVIDIA Update Service Daemon z powodu nastepujacego
 bledu:   %%1069
 
Error - 2013-01-29 19:18:47 | Computer Name = Sounes-PC | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostalo przerwane, poniewaz nie
 mozna powiekszyc magazynu kopii w tle z powodu limitu wprowadzonego przez uzytkownika.
 
Error - 2013-01-30 05:16:55 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7038
Description = Usluga nvUpdatusService nie moze zalogowac sie jako .\UpdatusUser
za pomoca obecnie skonfigurowanego hasla z powodu nastepujacego bledu:   %%1330    Aby
 upewnic sie, ze usluga jest skonfigurowana prawidlowo, uzyj przystawki Uslugi w
 programie Microsoft Management Console (MMC).
 
Error - 2013-01-30 05:16:55 | Computer Name = Sounes-PC | Source = Service Control Manager | ID = 7000
Description = Nie mozna uruchomic uslugi NVIDIA Update Service Daemon z powodu nastepujacego
 bledu:   %%1069
 
 
< End of report >
 

 

Macenobi
comment

Download Malwarebytes Anti-Malware; I recommend it when you have viruses such as trojans, etc. Scan the computer with it, choosing the full computer scan mode and selecting all drives except the disc drives, and post the OTL log.

Zayfi
comment (edited)

1. Open Notepad and save the script under the name skrypt.txt http://wklej.org/id/942181/

2. Enter Safe Mode, run OTL and paste the script copied from Notepad into the Custom Scans/Fixes box.
Click Run Fix.

After the restart, run a new OTL scan. Attach the removal log as well.

By the way, if you want to wait for the authorized people, then wait. And let Brontok keep running wild.

wirusolog
comment (edited)

The script is correct.

Zayfi
comment

Run OTL and paste the following into the Custom Scans/Fixes box:

 

 

:OTL
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\SearchScopes\{EF1BC6EC-5312-474F-9AFB-7EA366353470}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O2 - BHO: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found.

:Files
C:\Users\Sounes\AppData\Local\Bron.tok-12-31

:Commands
[emptytemp]

 

 

Click Run Fix.

After the removal, run a new OTL scan and post the report. The Extras log is not needed.

Zayfi
comment

Run OTL and click CleanUp.

Clear the System Restore folders:

Right-click My Computer > Properties > Advanced system settings > System protection > Configure > select the option Turn off system protection

then select Restore system settings and previous versions of files

State where Combofix was run from (the path to the Combofix.exe file). It needs to be uninstalled properly.

Sounes
comment

Computer > Local Disk C > Windows.old > Documents and Settings > ADMIN > Moje dokumenty > Pobieranie

This is the path to the Combofix.exe file. Is it really necessary to uninstall it?

Zayfi
comment (edited)
Computer > Local Disk C > Windows.old > Documents and Settings > ADMIN > Moje dokumenty > Pobieranie

This is the path to the Combofix.exe file. Is it really necessary to uninstall it?

What a foolish question. Combofix is not an antidote for viruses. It is used only on the instruction of people who have knowledge of infections.

Is the installer in the given path?

C:\Windows.old\Documents and Settings\ADMIN\Moje dokumenty\Pobieranie
