przez beata_zm 15 Kwi 2013, 17:23
przez ordynat 15 Kwi 2013, 18:30
przez beata_zm 15 Kwi 2013, 18:51
############################## | UsbFix V 7.121 | [Deletion]
User: Beata (Administrator) # BEATA
Updated 07/04/2013 by El Desaparecido
Started at 18:01:14 | 15/04/2013
Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: TOSHIBA (Satellite L300) (X86-based PC)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz (2100)
RAM -> [Total : 2939 | Free : 991]
BIOS: InsydeH2O Version 1.90
BOOT: Normal boot
OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 8.0.6001.19412
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 116 Gb (22 Mb free - 19%) [Vista] # NTFS
D:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [KINGSTON] # FAT32
E:\ -> Fixed drive # 115 Gb (93 Mb free - 81%) [Data] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [NDSTray.exe] - NDSTray.exe
HKLM\SOFTWARE | Run : [cfFncEnabler.exe] - cfFncEnabler.exe
HKLM\SOFTWARE | Run : [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM\SOFTWARE | Run : [Google EULA Launcher] - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
HKLM\SOFTWARE | Run : [Toshiba TEMPO] - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
HKLM\SOFTWARE | Run : [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
HKLM\SOFTWARE | Run : [TPwrMain] - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM\SOFTWARE | Run : [HSON] - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\SOFTWARE | Run : [SmoothView] - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM\SOFTWARE | Run : [00TCrdMain] - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM\SOFTWARE | Run : [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
HKLM\SOFTWARE | Run : [Camera Assistant Software] - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
HKLM\SOFTWARE | Run : [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\SOFTWARE | Run : [WinampAgent] - "C:\Program Files\Winamp\winampa.exe"
HKLM\SOFTWARE | Run : [Malwarebytes' Anti-Malware (reboot)] - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe
HKLM\SOFTWARE | Run : [Plus Internet] - C:\Program Files\Plus Internet\PlusInternetChecker.exe
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [TOSCDSPD] - TOSCDSPD.EXE
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [Odkurzacz-MCD] - C:\Program Files\Odkurzacz 12\odk_mcd.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [conhost] - C:\Users\Beata\AppData\Roaming\Microsoft\conhost.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [Microsoft Firewall 2.9] - C:\Users\Beata\AppData\Roaming\WMPRWISE.EXE
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [wuaucldt] - c:\users\beata\wuaucldt.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [Regedit32] - C:\Windows\system32\regedit.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [ds1kn2cnzbvcrkhinyw2jxvw3lumoza] - "C:\Users\Beata\AppData\Roaming\xgxcychcuvxwi2y2isagajrqvjacp3b2\csrss.exe"
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [KB223888.exe] - "C:\Users\Beata\AppData\Roaming\KB223888.exe"
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [3Y9IVJ3WWB6G8H8H] - C:\systems.Bin\C6393F7D5AD.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [XH3W7YYDZUUBYG4ZHPGKQYRPRWQ] - C:\debug.Bin\111B3F405AD.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [XW3X2Y3DZUUBYG4ZMI] - C:\debug.Bin\111B3F405AD.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [{3E0974E9-552C-B216-F9EA-082D8588AA2D}] - C:\Users\Beata\AppData\Roaming\Wuvo\sioh.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [cskcomka] - C:\Users\Beata\cskcomka.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [{3D6CCA61-87A6-AD7E-3E4C-A1DA35B182C7}] - C:\Users\Beata\AppData\Roaming\Xyqex\dioqg.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [g7k] - C:\Users\Beata\g7k.exe
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Beata\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | Run : [Gadu-Gadu 10] - "C:\Program Files\Gadu-Gadu 10\gg.exe"
HKU\S-1-5-21-838504607-4018334040-2590903565-1000\SOFTWARE | RunOnce : [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
################## | Stopped processes |
Stopped! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (1028)
Stopped! C:\Windows\system32\SLsvc.exe (1404)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1824)
Stopped! C:\Windows\system32\WLANExt.exe (1832)
Stopped! C:\Windows\System32\spoolsv.exe (2000)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (692)
Stopped! C:\Windows\system32\agrsmsvc.exe (900)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1212)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (1352)
Stopped! C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (1540)
Stopped! C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (2100)
Stopped! C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (2584)
Stopped! C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (2792)
Stopped! C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (2884)
Stopped! C:\Windows\system32\TODDSrv.exe (2912)
Stopped! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (2976)
Stopped! C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (3044)
Stopped! C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (3076)
Stopped! C:\Windows\system32\SearchIndexer.exe (3120)
Stopped! C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (3208)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3504)
Stopped! C:\Windows\system32\taskeng.exe (3760)
Stopped! C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (1596)
Stopped! C:\Windows\system32\taskeng.exe (3680)
Stopped! C:\Windows\Explorer.EXE (3192)
Stopped! C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe (932)
Stopped! C:\Program Files\Windows Defender\MSASCui.exe (3944)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3336)
Stopped! C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (1564)
Stopped! C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (4016)
Stopped! C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (4088)
Stopped! C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (1176)
Stopped! C:\Windows\System32\igfxtray.exe (4120)
Stopped! C:\Windows\System32\hkcmd.exe (4196)
Stopped! C:\Windows\System32\igfxpers.exe (4212)
Stopped! C:\Windows\system32\igfxsrvc.exe (4232)
Stopped! C:\Windows\RtHDVCpl.exe (4304)
Stopped! C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (4428)
Stopped! C:\Program Files\Windows Media Player\wmpnscfg.exe (4452)
Stopped! C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (4496)
Stopped! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (4508)
Stopped! C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (4564)
Stopped! C:\Program Files\Winamp\winampa.exe (4572)
Stopped! C:\Program Files\iTunes\iTunesHelper.exe (4600)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (4608)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4616)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (4688)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (4700)
Stopped! C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (4772)
Stopped! C:\Windows\ehome\ehtray.exe (4784)
Stopped! C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (5008)
Stopped! C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (5020)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (5048)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (5164)
Stopped! C:\Windows\ehome\ehmsas.exe (5368)
Stopped! C:\Windows\system32\igfxext.exe (5780)
Stopped! C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (5808)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (3356)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (6100)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (548)
Stopped! C:\Windows\system32\wuauclt.exe (24948)
Stopped! C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (9512)
Stopped! C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (9544)
Stopped! C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (21412)
Stopped! C:\Windows\System32\WUDFHost.exe (11200)
Stopped! C:\Windows\system32\conime.exe (16468)
Stopped! C:\Windows\system32\taskeng.exe (16296)
Stopped! C:\Program Files\Gadu-Gadu 10\gg.exe (26588)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (23944)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (24524)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (1864)
Stopped! C:\Windows\system32\NOTEPAD.EXE (18748)
Stopped! C:\Windows\system32\NOTEPAD.EXE (7980)
################## | Files # Infected Folders |
Deleted ! C:\Users\Beata\AppData\Roaming\528175.exe
Deleted ! C:\Users\Beata\AppData\Local\Temp\Drives.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp1476.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp3252.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp3368.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp3904.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp4012.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp4172.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp4672.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp5436.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp5872.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp5996.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp6076.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp6256.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp6356.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp6448.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp6736.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp6792.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp7096.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp7160.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp7272.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Hp7436.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.p16644.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.qHp324.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.qHp580.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Uh5872.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\qt_temp.Uh6256.vbs
Deleted ! C:\Users\Beata\AppData\Local\Temp\7za.exe
Not deleted ! G:\AutoRun.exe
Deleted ! D:\_WEJDUAWFFF.init
Deleted ! D:\autorun.inf
Deleted ! D:\desktop.ini
Deleted ! D:\Thumbs.db
Not deleted ! G:\autorun.inf
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Regedit32
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\G
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{68799634-402c-11e0-953c-001e33d15ba0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fca2a310-1046-11e2-9124-001e33d15ba0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fca2a320-1046-11e2-9124-00a0c6000000}
################## | Listing |
[04/03/2011 - 19:29:23 | SHD ] C:\$RECYCLE.BIN
[18/09/2006 - 23:43:36 | N | 24] C:\autoexec.bat
[18/03/2010 - 17:59:01 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[25/08/2008 - 10:08:33 | N | 8192] C:\BOOTSECT.BAK
[18/09/2006 - 23:43:37 | N | 10] C:\config.sys
[06/12/2010 - 17:48:13 | N | 0] C:\DBS.TXT
[02/11/2011 - 17:23:12 | D ] C:\debug.Bin
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[13/04/2013 - 19:31:06 | ASH | 3082809344] C:\hiberfil.sys
[25/08/2008 - 11:00:53 | D ] C:\Intel
[16/05/2010 - 11:24:29 | N | 0] C:\IO.SYS
[16/05/2010 - 11:24:29 | N | 0] C:\MSDOS.SYS
[25/08/2008 - 11:50:35 | RHD ] C:\MSOCache
[13/04/2013 - 19:31:05 | ASH | 3396603904] C:\pagefile.sys
[21/01/2008 - 04:32:31 | D ] C:\PerfLogs
[13/04/2013 - 21:45:45 | D ] C:\Program Files
[11/10/2012 - 11:06:15 | HD ] C:\ProgramData
[16/11/2009 - 18:20:26 | N | 651] C:\RHDSetup.log
[11/02/2009 - 20:26:54 | N | 176] C:\SWSTAMP.TXT
[15/04/2013 - 10:47:21 | SHD ] C:\System Volume Information
[20/06/2011 - 13:54:15 | D ] C:\systems.Bin
[14/04/2013 - 23:40:35 | D ] C:\Temp
[04/03/2011 - 18:56:17 | D ] C:\Toshiba
[15/04/2013 - 11:31:30 | D ] C:\totalcmd
[15/04/2013 - 18:04:02 | D ] C:\UsbFix
[15/04/2013 - 18:04:16 | A | 15728] C:\UsbFix [Clean 1] BEATAZMOREK.txt
[15/04/2013 - 17:17:14 | N | 3489] C:\UsbFix [Listing 1 ] BEATAZMOREK.txt
[15/04/2013 - 17:58:45 | N | 14937] C:\UsbFix [Scan 1] BEATAZMOREK.txt
[16/05/2012 - 12:57:13 | N | 250] C:\user.js
[04/03/2011 - 19:28:54 | D ] C:\Users
[15/04/2013 - 11:31:22 | D ] C:\Windows
[25/08/2008 - 11:57:33 | D ] C:\Works
[15/04/2013 - 17:06:56 | D ] D:\
[04/03/2011 - 19:29:23 | SHD ] E:\$RECYCLE.BIN
[12/08/2011 - 14:05:42 | D ] E:\c62c65673700ec2882861a449a2939
[05/04/2012 - 00:05:25 | D ] E:\filmy
[17/11/2009 - 04:14:31 | D ] E:\HDDRecovery
[15/12/2008 - 11:42:55 | N | 11] E:\R10719PL.tag
[16/11/2009 - 18:17:27 | SHD ] E:\System Volume Information
[17/03/2012 - 21:33:46 | R | 535] G:\AutoRun.dat
[16/03/2012 - 20:44:40 | R | 328192] G:\AutoRun.exe
[20/03/2012 - 18:48:49 | R | 51] G:\autorun.inf
[04/09/2009 - 15:52:00 | R | 289616] G:\ejectdisk.exe
[16/04/2008 - 17:51:32 | R | 3262] G:\Plus Internet.ico
[02/03/2012 - 19:29:26 | R | 5361680] G:\setup.exe
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://sosvirus.org |przez ordynat 15 Kwi 2013, 19:10
[15/04/2013 - 17:06:56 | D ] D:\ ?
przez beata_zm 15 Kwi 2013, 19:31
przez ordynat 15 Kwi 2013, 20:15
D:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [KINGSTON] # FAT32
:OTL
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [wuaucldt] c:\users\beata\wuaucldt.exe File not found
O4 - HKCU..\Run: [XH3W7YYDZUUBYG4ZHPGKQYRPRWQ] C:\debug.Bin\111B3F405AD.exe File not found
O4 - HKCU..\Run: [XW3X2Y3DZUUBYG4ZMI] C:\debug.Bin\111B3F405AD.exe File not found
O4 - Startup: C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\12402b16c8.dat ()
O4 - Startup: C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2cfad16c8.dat ()
F3 - HKCU WinNT: Load - (C:\Users\Beata\LOCALS~1\Temp\cciknaq.com) - C:\Users\Beata\Local Settings\Temp\cciknaq.com ()
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O4 - HKCU..\Run: [KB223888.exe] "C:\Users\Beata\AppData\Roaming\KB223888.exe" File not found
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Users\Beata\AppData\Roaming\WMPRWISE.EXE File not found
O4 - HKCU..\Run: [g7k] C:\Users\Beata\g7k.exe File not found
O4 - HKCU..\Run: [{3D6CCA61-87A6-AD7E-3E4C-A1DA35B182C7}] C:\Users\Beata\AppData\Roaming\Xyqex\dioqg.exe File not found
O4 - HKCU..\Run: [{3E0974E9-552C-B216-F9EA-082D8588AA2D}] C:\Users\Beata\AppData\Roaming\Wuvo\sioh.exe File not found
O4 - HKCU..\Run: [3Y9IVJ3WWB6G8H8H] C:\systems.Bin\C6393F7D5AD.exe File not found
O4 - HKCU..\Run: [conhost] C:\Users\Beata\AppData\Roaming\Microsoft\conhost.exe File not found
O4 - HKCU..\Run: [cskcomka] C:\Users\Beata\cskcomka.exe File not found
O4 - HKCU..\Run: [ds1kn2cnzbvcrkhinyw2jxvw3lumoza] "C:\Users\Beata\AppData\Roaming\xgxcychcuvxwi2y2isagajrqvjacp3b2\csrss.exe" File not found
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=KW_ss&mntrId=3c2c01360000000000000024d2ac70db&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2013-02-25 08:32:01 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\plugin@yontoo.com.xpi
[2010-07-28 18:31:24 | 000,001,244 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\searchplugins\winamp-search.xml
[2012-05-16 12:56:07 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
:Files
C:\Users\Beata\AppData\Roaming\hb1cyuxovhlkn2bg3tsoaqacptgslcg2
C:\Users\Beata\AppData\Roaming\engib2bfzpprl2yztv33id3syxeyfhu2
C:\Users\Beata\AppData\Roaming\ccjdynzs2xykqqhwaqdoz3yhgoetg3t2
C:\Users\Beata\AppData\Roaming\Babylon
C:\Users\Beata\AppData\Roaming\1b3nrznnzkza1qpmpgp3ckauzkkenpw2
C:\Users\Beata\AppData\Roaming\1ccuftvl3mxpjemlb33vw2pvdfvdluv2
C:\Users\Beata\AppData\Local\i25yncrr27168783v12a5c3x328l
C:\ProgramData\i25yncrr27168783v12a5c3x328l
C:\Users\Beata\AppData\Roaming\Uxypwu
C:\Users\Beata\AppData\Roaming\Wuvo
C:\Users\Beata\AppData\Roaming\x1s2eadphwmfanxh2xtesuewiouxdfsj2
C:\Users\Beata\AppData\Roaming\x3pbimobuliapchjbskcwpwpuyl1pbwi2
C:\Users\Beata\AppData\Roaming\x3rjcvfpyryek2hzjimv2pjvgwmwmmwq2
C:\Users\Beata\AppData\Roaming\xb2wsu13yrqbo1famcxq2kujkc1gbbuh2
C:\Users\Beata\AppData\Roaming\xcfsniucv3laacqgngbclltarlbxarja2
C:\Users\Beata\AppData\Roaming\xdvqwytjbjfjyzyvzg2p1o2d2hqtdbaw2
C:\Users\Beata\AppData\Roaming\xdyi1aiafyyreqx2qvqmoxvwuknzojew2
C:\Users\Beata\AppData\Roaming\xedhyfb2oaihlbbqqqqezzqdr2izuaub2
C:\Users\Beata\AppData\Roaming\xfc1s33haj3vvuepkb2jzhxwzziflf1s2
C:\Users\Beata\AppData\Roaming\xhhdhrkhjoigkvrqwf2pyafnesycvq232
C:\Users\Beata\AppData\Roaming\xiqnbraajdaaxngpovfthdlqnjxnokvc2
C:\Users\Beata\AppData\Roaming\xjiqdprvqdcdnyqgg2zxqkejbiqjqn3c2
C:\Users\Beata\AppData\Roaming\xjlrkzrucleym2leedhlrkusekowakv32
C:\Users\Beata\AppData\Roaming\xlrbpnnq3dz3oktqbv21rujrms2phqfp2
C:\Users\Beata\AppData\Roaming\xluggfwypowstujqadn1czvugehhlcfh2
C:\Users\Beata\AppData\Roaming\xmcdw1p23vcq3n2trjqcopmqccaerztp2
C:\Users\Beata\AppData\Roaming\xmncbedrasaevfn1bg3rymorffwwvneq2
C:\Users\Beata\AppData\Roaming\xn2edkrgzeshtilceubrw3ueugixxrpi2
C:\Users\Beata\AppData\Roaming\xnsrfcbxwzasjahy3puja23swumjs2i32
C:\Users\Beata\AppData\Roaming\xpnlpuqlqjddxqrw3eiccnmyfrzzbcng2
C:\Users\Beata\AppData\Roaming\xpwsdu1hua1wq2bvawjt12nj1jklnuam2
C:\Users\Beata\AppData\Roaming\xq2hbi1o3w3wm2txytexptsvlhcwhieu2
C:\Users\Beata\AppData\Roaming\xrli1sztckoxcjdmtjhowpntqslubyh2
C:\Users\Beata\AppData\Roaming\xspvrqzx3zevxlebhbs3ywgaoamtpzsl2
C:\Users\Beata\AppData\Roaming\xvbavajinu3psqsbkarwhjqkbxliczsa2
C:\Users\Beata\AppData\Roaming\xvfkswzn1b2xmnvluifwdvkjipebsqqe2
C:\Users\Beata\AppData\Roaming\xwgjfc3m31yddedmskqvazyigiq2kveu2
C:\Users\Beata\AppData\Roaming\Xyqex
C:\Users\Beata\AppData\Roaming\xyvcxmyvnfqiszqtjhr2jjlkhfvlgraj2
C:\Users\Beata\AppData\Roaming\Ysihyg
C:\Users\Beata\AppData\Roaming\Poahuh
C:\Users\Beata\AppData\Roaming\PowerMgr
C:\Users\Beata\AppData\Roaming\rbajbqddtbfhrnosqpopr3cokoqygwn2
C:\Users\Beata\AppData\Roaming\saamjzs3hcjjqt3ltgl2ekhhcdpkx1o2
C:\Users\Beata\AppData\Roaming\Ofed
C:\Users\Beata\AppData\Roaming\kuxojllcam13wyjswcvkzrzgo2cyxgy2
C:\Users\Beata\AppData\Roaming\kzhyai232cgm2gxfiqym2idmym3ffdf2
C:\ProgramData\Premium
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.pl/"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.pl/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}]
:Commands
[emptytemp]
przez beata_zm 15 Kwi 2013, 22:08
# AdwCleaner v2.200 - Log utworzony 15/04/2013 o 21:20:57
# Aktualizacja 02/04/2013 przez Xplode
# System operacyjny : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Użytkownik : Beata - BEATAZMOREK
# Tryb uruchomienia : Normalny
# Ścieżka : C:\Users\Beata\Desktop\adwcleaner.exe
# Opcja [Usuń]
***** [Usługi] *****
***** [Pliki / Foldery] *****
Folder Usunięto : C:\Program Files\Conduit
Folder Usunięto : C:\Program Files\Optimizer Pro
Folder Usunięto : C:\Program Files\PHPNukeEN
Folder Usunięto : C:\Program Files\Winamp Toolbar
Folder Usunięto : C:\Program Files\Yontoo
Folder Usunięto : C:\ProgramData\Babylon
Folder Usunięto : C:\ProgramData\InstallMate
Folder Usunięto : C:\ProgramData\Tarma Installer
Folder Usunięto : C:\ProgramData\Winamp Toolbar
Folder Usunięto : C:\Users\Beata\AppData\Local\Babylon
Folder Usunięto : C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Usunięto : C:\Users\Beata\AppData\Local\Temp\BabylonToolbar
Folder Usunięto : C:\Users\Beata\AppData\Local\Winamp Toolbar
Folder Usunięto : C:\Users\Beata\AppData\LocalLow\Conduit
Folder Usunięto : C:\Users\Beata\AppData\LocalLow\PHPNukeEN
Folder Usunięto : C:\Users\Beata\AppData\Roaming\Babylon
Folder Usunięto : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
Folder Usunięto : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
Folder Usunięto : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\jetpack
Folder Usunięto : C:\Users\Gość\AppData\Local\Winamp Toolbar
Folder Usunięto : C:\Users\Gość\AppData\LocalLow\Conduit
Folder Usunięto : C:\Users\Gość\AppData\LocalLow\PHPNukeEN
Plik Usunięto : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Plik Usunięto : C:\user.js
Usunięto po restarcie : C:\ProgramData\Premium
***** [Rejestr] *****
Klucz Usunięto : HKCU\Software\AppDataLow\Software\Conduit
Klucz Usunięto : HKCU\Software\AppDataLow\Software\PHPNukeEN
Klucz Usunięto : HKCU\Software\AppDataLow\Toolbar
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PHPNukeEN Toolbar
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Usunięto : HKCU\Software\Winamp Toolbar
Klucz Usunięto : HKLM\Software\Babylon
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{7A47A765-71F3-4F34-905A-9EBB681799D0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT2086743
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Klucz Usunięto : HKLM\Software\Conduit
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7A47A765-71F3-4F34-905A-9EBB681799D0}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeEN Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Klucz Usunięto : HKLM\Software\PHPNukeEN
Klucz Usunięto : HKLM\SOFTWARE\Software
Klucz Usunięto : HKLM\Software\Tarma Installer
Klucz Usunięto : HKLM\Software\Winamp Toolbar
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}]
***** [Przeglądarki Internetowe] *****
-\\ Internet Explorer v8.0.6001.19412
[OK] Rejestr w porządku.
-\\ Mozilla Firefox v20.0.1 (pl)
Plik : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\prefs.js
C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\user.js ... Usunięto !
Usunięto : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Usunięto : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Usunięto : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir[...]
Usunięto : user_pref("browser.search.order.1", "Search the web (Babylon)");
Usunięto : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Usunięto : user_pref("extensions.BabylonToolbar_i.babExt", "");
Usunięto : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=100512_4_");
Usunięto : user_pref("extensions.BabylonToolbar_i.hardId", "3c2c01360000000000000024d2ac70db");
Usunięto : user_pref("extensions.BabylonToolbar_i.id", "3c2c01360000000000000024d2ac70db");
Usunięto : user_pref("extensions.BabylonToolbar_i.instlDay", "15476");
Usunięto : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Usunięto : user_pref("extensions.BabylonToolbar_i.newTab", true);
Usunięto : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=10051[...]
Usunięto : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Usunięto : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Usunięto : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Usunięto : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Usunięto : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Usunięto : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Usunięto : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:57:03");
Usunięto : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Usunięto : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,player%40vividas.com:4.1.3[...]
Usunięto : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,BestVideoDownloader,EzLooker,T[...]
Usunięto : user_pref("extentions.y2layers.installId", "703263fb-f469-4f8a-b9b3-b3f4a6359957");
Usunięto : user_pref("extentions.y2layers.lastDnsTest", 371985);
Usunięto : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=KW_ss&mntrId=3[...]
Usunięto : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
-\\ Google Chrome v26.0.1410.64
Plik : C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Preferences
Usunięto [l.22] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Usunięto [l.25] : keyword = "babylon.com",
Usunięto [l.28] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",
-\\ Opera v [Nie udało się określić wersji]
Plik : C:\Users\Beata\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Plik w porządku.
*************************
AdwCleaner[S1].txt - [14716 octets] - [15/04/2013 21:20:57]
########## EOF - C:\AdwCleaner[S1].txt - [14777 octets] ##########All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wuaucldt deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XH3W7YYDZUUBYG4ZHPGKQYRPRWQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XW3X2Y3DZUUBYG4ZMI deleted successfully.
C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\12402b16c8.dat moved successfully.
C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2cfad16c8.dat moved successfully.
File move failed. C:\Users\Beata\Local Settings\Temp\cciknaq.com scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Beata\LOCALS~1\Temp\cciknaq.com deleted successfully.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\Windows\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KB223888.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Firewall 2.9 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\g7k deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{3D6CCA61-87A6-AD7E-3E4C-A1DA35B182C7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D6CCA61-87A6-AD7E-3E4C-A1DA35B182C7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{3E0974E9-552C-B216-F9EA-082D8588AA2D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E0974E9-552C-B216-F9EA-082D8588AA2D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\3Y9IVJ3WWB6G8H8H deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\conhost deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cskcomka deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ds1kn2cnzbvcrkhinyw2jxvw3lumoza deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{dd02a4eb-4afd-4d60-99d8-e67f964ca813} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\ not found.
File C:\Program Files\PHPNukeEN\tbPHPN.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files\Yontoo\YontooIEClient.dll not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\ not found.
File C:\Program Files\PHPNukeEN\tbPHPN.dll not found.
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Prefs.js: "http://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=KW_ss&mntrId=3c2c01360000000000000024d2ac70db&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\plugin@yontoo.com.xpi moved successfully.
C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\searchplugins\winamp-search.xml moved successfully.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
========== FILES ==========
C:\Users\Beata\AppData\Roaming\hb1cyuxovhlkn2bg3tsoaqacptgslcg2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\engib2bfzpprl2yztv33id3syxeyfhu2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\ccjdynzs2xykqqhwaqdoz3yhgoetg3t2 folder moved successfully.
File\Folder C:\Users\Beata\AppData\Roaming\Babylon not found.
C:\Users\Beata\AppData\Roaming\1b3nrznnzkza1qpmpgp3ckauzkkenpw2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\1ccuftvl3mxpjemlb33vw2pvdfvdluv2 folder moved successfully.
C:\Users\Beata\AppData\Local\i25yncrr27168783v12a5c3x328l moved successfully.
C:\ProgramData\i25yncrr27168783v12a5c3x328l moved successfully.
C:\Users\Beata\AppData\Roaming\Uxypwu folder moved successfully.
C:\Users\Beata\AppData\Roaming\Wuvo folder moved successfully.
C:\Users\Beata\AppData\Roaming\x1s2eadphwmfanxh2xtesuewiouxdfsj2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\x3pbimobuliapchjbskcwpwpuyl1pbwi2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\x3rjcvfpyryek2hzjimv2pjvgwmwmmwq2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xb2wsu13yrqbo1famcxq2kujkc1gbbuh2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xcfsniucv3laacqgngbclltarlbxarja2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xdvqwytjbjfjyzyvzg2p1o2d2hqtdbaw2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xdyi1aiafyyreqx2qvqmoxvwuknzojew2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xedhyfb2oaihlbbqqqqezzqdr2izuaub2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xfc1s33haj3vvuepkb2jzhxwzziflf1s2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xhhdhrkhjoigkvrqwf2pyafnesycvq232 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xiqnbraajdaaxngpovfthdlqnjxnokvc2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xjiqdprvqdcdnyqgg2zxqkejbiqjqn3c2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xjlrkzrucleym2leedhlrkusekowakv32 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xlrbpnnq3dz3oktqbv21rujrms2phqfp2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xluggfwypowstujqadn1czvugehhlcfh2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xmcdw1p23vcq3n2trjqcopmqccaerztp2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xmncbedrasaevfn1bg3rymorffwwvneq2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xn2edkrgzeshtilceubrw3ueugixxrpi2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xnsrfcbxwzasjahy3puja23swumjs2i32 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xpnlpuqlqjddxqrw3eiccnmyfrzzbcng2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xpwsdu1hua1wq2bvawjt12nj1jklnuam2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xq2hbi1o3w3wm2txytexptsvlhcwhieu2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xrli1sztckoxcjdmtjhowpntqslubyh2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xspvrqzx3zevxlebhbs3ywgaoamtpzsl2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xvbavajinu3psqsbkarwhjqkbxliczsa2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xvfkswzn1b2xmnvluifwdvkjipebsqqe2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\xwgjfc3m31yddedmskqvazyigiq2kveu2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\Xyqex folder moved successfully.
C:\Users\Beata\AppData\Roaming\xyvcxmyvnfqiszqtjhr2jjlkhfvlgraj2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\Ysihyg folder moved successfully.
C:\Users\Beata\AppData\Roaming\Poahuh folder moved successfully.
C:\Users\Beata\AppData\Roaming\PowerMgr folder moved successfully.
C:\Users\Beata\AppData\Roaming\rbajbqddtbfhrnosqpopr3cokoqygwn2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\saamjzs3hcjjqt3ltgl2ekhhcdpkx1o2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\Ofed folder moved successfully.
C:\Users\Beata\AppData\Roaming\kuxojllcam13wyjswcvkzrzgo2cyxgy2 folder moved successfully.
C:\Users\Beata\AppData\Roaming\kzhyai232cgm2gxfiqym2idmym3ffdf2 folder moved successfully.
C:\ProgramData\Premium\Setup folder moved successfully.
C:\ProgramData\Premium\OptimizerPro1\DNL1.tmp folder moved successfully.
C:\ProgramData\Premium\OptimizerPro1 folder moved successfully.
C:\ProgramData\Premium folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.pl/" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.pl/" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Beata
->Temp folder emptied: 822114984 bytes
->Temporary Internet Files folder emptied: 4137318250 bytes
->Java cache emptied: 120728076 bytes
->FireFox cache emptied: 56453308 bytes
->Google Chrome cache emptied: 22598042 bytes
->Apple Safari cache emptied: 28672 bytes
->Opera cache emptied: 1152378 bytes
->Flash cache emptied: 114442 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gość
->Temp folder emptied: 53690 bytes
->Temporary Internet Files folder emptied: 4041655 bytes
->Flash cache emptied: 784 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85476192 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5 007,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04152013_214400
Files\Folders moved on Reboot...
C:\Users\Beata\Local Settings\Temp\cciknaq.com moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...OTL logfile created on: 2013-04-15 21:56:31 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beata\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 43,39% Memory free
5,94 Gb Paging File | 4,36 Gb Available in Paging File | 73,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 32,31 Gb Free Space | 27,78% Space Free | Partition Type: NTFS
Drive D: | 7,20 Gb Total Space | 7,20 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 115,13 Gb Total Space | 93,36 Gb Free Space | 81,09% Space Free | Partition Type: NTFS
Drive G: | 5,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BEATAZMOREK | User Name: Beata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-04-15 19:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beata\Desktop\OTL.exe
PRC - [2013-04-11 23:27:33 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-02-05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012-10-31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-07-12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009-09-23 16:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-09-23 16:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009-07-20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-04-11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-09-26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008-08-25 10:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008-07-18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008-06-24 11:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008-05-09 12:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008-04-24 10:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008-04-24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008-04-17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008-04-08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-02-06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-17 17:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008-01-17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007-11-21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007-07-10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2006-10-05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-04-11 23:27:31 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013-02-16 21:14:22 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dae1b2e49e240e879a6523025cc306fb\Microsoft.VisualBasic.ni.dll
MOD - [2013-02-16 21:13:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll
MOD - [2013-02-16 21:11:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013-01-12 01:24:36 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013-01-12 01:06:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013-01-12 01:05:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013-01-12 01:05:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013-01-12 01:05:24 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013-01-12 01:04:41 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll
MOD - [2013-01-12 01:04:28 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013-01-12 01:04:23 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013-01-12 01:04:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011-11-02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-11-02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009-03-31 20:05:12 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009-03-31 20:05:12 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008-03-06 11:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007-12-25 13:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007-12-14 22:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006-12-01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006-10-10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006-10-07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013-04-15 18:17:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-11 23:27:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013-01-08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009-09-23 16:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-09-23 16:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009-07-20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008-08-25 10:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008-07-18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008-04-24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008-04-17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008-04-16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008-02-06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007-11-21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006-10-05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-10-31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-10-31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-10-31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-10-31 00:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-10-31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-10-31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-10-31 00:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012-02-29 16:43:50 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2012-02-29 16:43:48 | 000,126,976 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2012-02-29 16:43:48 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2012-02-29 16:43:48 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012-02-29 16:43:48 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009-09-23 16:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009-09-23 16:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009-09-23 16:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009-09-23 16:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2008-07-18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008-07-15 20:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008-05-19 20:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-04-28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008-04-15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007-11-09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006-11-28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-11-20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006-10-18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{DD931A32-1848-41F6-A25C-06FA1C520E91}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.pajacyk.pl/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DD931A32-1848-41F6-A25C-06FA1C520E91}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_plPL355
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/?utm_source=appliki&utm_medium=14867&utm_campaign=onetsg_start_pliki"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: player%40vividas.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62949
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Beata\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-22 16:13:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-11 23:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-11 23:27:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-11 23:27:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-11 23:27:22 | 000,000,000 | ---D | M]
[2010-03-08 18:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beata\AppData\Roaming\Mozilla\Extensions
[2013-04-15 21:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions
[2010-04-28 21:04:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-03-02 23:08:58 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\player@vividas.com
[2013-04-15 18:09:59 | 000,350,538 | ---- | M] () (No name found) -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\coupon.checker@kodyrabatowe.pl.xpi
[2012-05-09 12:47:43 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\DivXWebPlayer@divx.com.xpi
[2013-02-14 20:19:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\bj49p86u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-04-11 23:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-04-11 23:27:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-09-16 12:57:06 | 000,189,088 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll
[2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2013-03-27 06:10:45 | 000,002,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2004-11-08 15:42:00 | 000,003,710 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro.png
[2004-11-08 15:42:00 | 000,000,864 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro.src
[2013-03-27 06:10:45 | 000,001,619 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-03-27 06:10:45 | 000,001,130 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2004-11-08 15:42:00 | 000,000,260 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\onet.gif
[2004-11-08 15:42:00 | 000,000,944 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\onet.src
[2013-03-27 06:10:45 | 000,001,071 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2004-11-08 15:42:00 | 000,000,318 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn.gif
[2004-11-08 15:42:00 | 000,000,582 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn.src
[2004-11-08 15:42:00 | 000,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\szukacz.png
[2004-11-08 15:42:00 | 000,000,922 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\szukacz.src
[2013-03-27 06:10:45 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-03-27 06:10:45 | 000,001,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.onet.pl/?utm_source=appliki&utm_medium=14867&utm_campaign=onetsg_start_pliki
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: avast! WebRep = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Plus Internet] C:\Program Files\Plus Internet\PlusInternetChecker.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Beata\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 12\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokalny intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B4D3D1E-FD98-44F2-AD82-D67F52A8613F}: NameServer = 193.41.112.14 193.41.112.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F459519-4F56-454D-9441-9735B47A60CC}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Beata\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Beata\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013-04-15 18:04:16 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-04-15 18:04:18 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2013-04-15 18:04:16 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-03-17 21:33:46 | 000,000,535 | R--- | M] () - G:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2012-03-16 20:44:40 | 000,328,192 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2012-03-20 18:48:49 | 000,000,051 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-04-15 21:44:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-04-15 21:15:51 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\SmartPCFix
[2013-04-15 21:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013-04-15 19:13:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Beata\Desktop\OTL.exe
[2013-04-15 18:04:16 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2013-04-15 17:16:54 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013-04-15 17:16:00 | 001,044,152 | ---- | C] (El Desaparecido - SosVirus.org) -- C:\Users\Beata\Desktop\UsbFix.exe
[2013-04-15 11:31:22 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2013-04-15 11:31:21 | 000,000,000 | ---D | C] -- C:\totalcmd
[2013-04-15 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\GHISLER
[2013-04-15 11:29:18 | 000,000,000 | ---D | C] -- C:\Users\Beata\Desktop\Nowy folder (2)
[2013-04-14 23:40:44 | 000,000,000 | ---D | C] -- C:\Users\Beata\Local Settings
[2013-04-14 23:40:35 | 000,000,000 | ---D | C] -- C:\Temp
[2013-04-11 23:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-04-10 13:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013-04-10 13:00:01 | 001,484,120 | ---- | C] (Microsoft Corporation) -- C:\Users\Beata\Desktop\WorksConv.exe
[2013-04-10 12:27:01 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\Microsoft Help
[2013-04-10 09:09:30 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013-04-10 09:09:29 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013-04-10 09:09:29 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013-04-10 09:09:19 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-04-10 09:09:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-04-10 09:09:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013-04-10 09:09:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-04-10 09:09:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-04-10 09:09:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-04-10 09:09:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-04-10 09:09:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-04-10 09:09:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-04-10 09:09:15 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-04-10 09:09:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-04-10 09:09:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-04-10 09:09:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-04-10 09:09:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-04-10 09:09:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-04-10 09:09:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-04-10 09:09:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-04-10 09:09:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-04-10 09:09:11 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013-04-10 09:09:10 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-03-25 13:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-03-25 13:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013-03-25 13:45:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013-03-22 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2100-01-01 01:02:03 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D055F948-BFD9-465C-8D0E-A7D41A2882BC}.job
[2013-04-15 21:58:43 | 000,672,834 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-04-15 21:58:43 | 000,592,836 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-04-15 21:58:43 | 000,130,952 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-04-15 21:58:43 | 000,100,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-04-15 21:53:10 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-04-15 21:53:03 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{9950E281-9E5B-47C7-B6FF-1C6C127A8855}.job
[2013-04-15 21:53:03 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\SmartPCFix Task.job
[2013-04-15 21:53:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-04-15 21:50:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-04-15 21:50:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-04-15 21:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-15 21:50:45 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2013-04-15 21:25:48 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-04-15 21:21:26 | 000,000,090 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013-04-15 21:20:49 | 000,613,083 | ---- | M] () -- C:\Users\Beata\Desktop\adwcleaner.exe
[2013-04-15 20:35:06 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-838504607-4018334040-2590903565-1000UA.job
[2013-04-15 19:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beata\Desktop\OTL.exe
[2013-04-15 18:17:14 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-04-15 18:17:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-04-15 17:16:35 | 001,044,152 | ---- | M] (El Desaparecido - SosVirus.org) -- C:\Users\Beata\Desktop\UsbFix.exe
[2013-04-14 23:35:03 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-838504607-4018334040-2590903565-1000Core.job
[2013-04-13 19:33:02 | 000,322,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-04-11 10:27:34 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-04-10 13:04:10 | 000,000,330 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\wklnhst.dat
[2013-04-10 13:00:33 | 001,484,120 | ---- | M] (Microsoft Corporation) -- C:\Users\Beata\Desktop\WorksConv.exe
[2013-04-10 12:57:57 | 000,064,512 | ---- | M] () -- C:\Users\Beata\Desktop\Beata Zmorek- cv.wps
[2013-04-06 16:21:12 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-04-04 21:32:49 | 000,102,912 | ---- | M] () -- C:\Users\Beata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-25 13:45:52 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-04-15 21:21:07 | 000,000,090 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013-04-15 21:20:35 | 000,613,083 | ---- | C] () -- C:\Users\Beata\Desktop\adwcleaner.exe
[2013-04-15 21:15:52 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\SmartPCFix Task.job
[2013-04-15 11:31:22 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2013-04-15 11:31:22 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2013-04-15 11:31:22 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2013-04-15 11:31:22 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2013-04-15 11:31:22 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2013-04-15 11:31:22 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2013-04-10 12:32:28 | 000,064,512 | ---- | C] () -- C:\Users\Beata\Desktop\Beata Zmorek- cv.wps
[2013-03-25 13:45:52 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-07-29 11:02:04 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{1F2400C3-E705-414B-9CA8-A11A1C267FA9}
[2011-06-27 19:50:37 | 000,000,576 | -H-- | C] () -- C:\ProgramData\common.data
[2011-04-12 15:46:06 | 000,000,680 | ---- | C] () -- C:\Users\Beata\AppData\Local\d3d9caps.dat
[2010-03-03 18:23:42 | 000,000,330 | ---- | C] () -- C:\Users\Beata\AppData\Roaming\wklnhst.dat
[2009-11-28 17:00:03 | 000,026,340 | ---- | C] () -- C:\Users\Beata\AppData\Roaming\UserTile.png
[2009-11-16 18:56:23 | 000,102,912 | ---- | C] () -- C:\Users\Beata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >przez ordynat 16 Kwi 2013, 09:11
przez beata_zm 16 Kwi 2013, 13:28
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 22 gości