wklejto.pl

Added by: ~Anonim (2013-12-15 23:33) -> text
OTL logfile created on: 2013-12-15 20:49:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\rachael\Documents\otl
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
 
1013,09 Mb Total Physical Memory | 173,59 Mb Available Physical Memory | 17,14% Memory free
1,99 Gb Paging File | 0,72 Gb Available in Paging File | 36,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 187,92 Gb Free Space | 85,50% Space Free | Partition Type: NTFS
 
Computer Name: RACHAEL-PC | User Name: rachael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-12-15 20:38:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rachael\Documents\otl\OTL.exe
PRC - [2013-11-18 14:32:40 | 003,780,064 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
PRC - [2013-10-10 13:14:51 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013-09-06 16:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013-08-17 22:34:12 | 000,498,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
PRC - [2013-03-07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\rachael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013-02-17 00:57:44 | 000,916,480 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2013-01-29 14:28:02 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012-12-30 21:35:20 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\rachael\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012-10-30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-09-03 10:24:10 | 004,895,192 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\FantastiGames\GPlayer.exe
PRC - [2010-11-02 04:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010-08-10 09:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010-08-10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010-08-10 09:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010-07-14 11:01:28 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-06-11 14:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
PRC - [2010-06-11 14:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
PRC - [2010-06-11 14:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
PRC - [2010-01-29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010-01-08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Registration\GREGsvc.exe
PRC - [2009-12-02 21:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-12-02 21:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009-10-09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009-07-14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009-06-04 15:28:36 | 000,184,320 | ---- | M] (Ours Technology Inc.) -- C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-11-18 14:32:40 | 003,780,064 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
MOD - [2013-11-18 14:31:07 | 003,618,304 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
MOD - [2013-03-07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\rachael\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013-03-07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\rachael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013-03-07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\rachael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013-01-29 14:28:02 | 000,170,840 | ---- | M] () -- C:\Program Files\Web Assistant\Extension32.dll
MOD - [2009-07-14 04:43:28 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll
MOD - [2009-07-14 04:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009-07-14 04:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009-07-14 04:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009-07-14 04:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009-07-14 04:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009-07-14 04:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009-06-10 21:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009-05-20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2013-11-18 14:32:40 | 003,780,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - [2013-10-15 08:43:06 | 001,432,368 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013-10-10 14:15:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-10-07 19:19:22 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013-10-03 12:59:43 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-09-06 16:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013-07-25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-01-29 14:28:02 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV - [2012-10-30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-03-07 02:20:00 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-10-12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-08-10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010-06-11 14:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010-01-29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010-01-08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009-12-02 21:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-12-02 21:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009-10-09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009-07-14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\L1C62x86.sys -- (L1C)
DRV - [2012-10-30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-10-30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-10-30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-10-30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-10-30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-10-15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2011-08-29 15:19:20 | 000,047,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\FantastiGames\X6XSEx_Pr143.sys -- (X6XSEx_Pr143)
DRV - [2011-03-24 08:53:02 | 000,168,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2011-03-24 08:53:02 | 000,085,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011-03-24 08:53:02 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011-03-24 08:53:02 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011-03-24 08:53:00 | 000,191,872 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-03-24 08:53:00 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011-03-24 08:53:00 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2011-03-24 08:53:00 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010-08-11 10:44:02 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV - [2010-08-11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010-08-11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010-08-11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010-08-11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010-08-11 10:44:02 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010-07-15 21:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010-06-17 06:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010-05-20 13:40:28 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV - [2009-12-02 21:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009-12-02 21:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009-12-02 21:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009-12-02 21:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009-07-13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=164&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3454192019494052&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=HP_ss_Btisdt4&mntrId=3C0D68A3C42D63AB&affID=119357&tsp=4944
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=HP_ss_Btisdt4&mntrId=3C0D68A3C42D63AB&affID=119357&tsp=4944
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IE
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3C0D68A3C42D63AB&affID=119357&tsp=4944
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IE
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=164&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3454192019494052&q={searchTerms}
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyMmgFXGc&i=26
IE - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Merlin"
FF - prefs.js..browser.search.selectedEngine: "Merlin"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: player%40vividas.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/?a=6OyMmgFXGc&loc=skw&search="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\FantastiGames\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\rachael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\rachael\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013-03-01 21:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-27 19:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013-03-01 21:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012-11-27 16:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rachael\AppData\Roaming\mozilla\Extensions
[2013-10-03 13:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rachael\AppData\Roaming\mozilla\Firefox\Profiles\usq78gn4.default\extensions
[2012-12-05 19:02:47 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\rachael\AppData\Roaming\mozilla\Firefox\Profiles\usq78gn4.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013-07-15 16:04:12 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\rachael\AppData\Roaming\mozilla\Firefox\Profiles\usq78gn4.default\extensions\ffxtlbr@delta.com
[2012-12-24 09:56:28 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Users\rachael\AppData\Roaming\mozilla\Firefox\Profiles\usq78gn4.default\extensions\player@vividas.com
[2013-07-15 16:03:50 | 000,006,507 | ---- | M] () -- C:\Users\rachael\AppData\Roaming\mozilla\firefox\profiles\usq78gn4.default\searchplugins\babylon.xml
[2013-07-15 16:04:19 | 000,001,294 | ---- | M] () -- C:\Users\rachael\AppData\Roaming\mozilla\firefox\profiles\usq78gn4.default\searchplugins\delta.xml
[2013-11-25 13:44:19 | 000,002,115 | ---- | M] () -- C:\Users\rachael\AppData\Roaming\mozilla\firefox\profiles\usq78gn4.default\searchplugins\MyStart Search.xml
[2012-12-05 19:02:26 | 000,002,687 | ---- | M] () -- C:\Users\rachael\AppData\Roaming\mozilla\firefox\profiles\usq78gn4.default\searchplugins\Search_Results.xml
[2013-07-15 16:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013-07-04 08:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-11-19 17:15:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-12-05 19:02:26 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.572_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbhdcmdcidbkofenmmfkanjpmebphca\1.0_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbhdcmdcidbkofenmmfkanjpmebphca\1.0_1\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\
CHR - Extension: No name found = C:\Users\rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009-06-10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll (MusicLab, LLC)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll ()
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\rachael\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [OMEA] C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe (Ours Technology Inc.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000..\Run: [Facebook Update] C:\Users\rachael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2896985462-4248076663-2081509042-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\rachael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{140ECE9F-42CC-488D-9D60-780E16510F01}: NameServer = 10.203.65.68 10.203.65.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BD30875-6863-4D6F-9FEF-71288833F4BA}: NameServer = 88.82.13.44 88.82.13.44
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91FE4B25-452F-4FCF-B98C-6CCB426CC461}: NameServer = 88.82.13.12 88.82.13.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5D68B13-6083-4595-A475-F09008EA76C9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0347DDC-7D39-45E8-BE6C-BD22C7D5BB74}: NameServer = 88.82.13.44 88.82.13.44
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b42f0f6-ee34-11e1-b67c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b42f0f6-ee34-11e1-b67c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{14405c33-3101-11e1-9901-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{14405c33-3101-11e1-9901-72a3c42d63ab}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1911b903-f9c9-11e1-b60d-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{1911b903-f9c9-11e1-b60d-72a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2b08edee-e339-11e1-8895-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b08edee-e339-11e1-8895-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{34ca0801-f292-11e1-b6c6-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{34ca0801-f292-11e1-b6c6-72a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4279e503-ef8f-11e1-8add-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{4279e503-ef8f-11e1-8add-1c7508db9d55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4a2564e3-e969-11e1-8a63-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2564e3-e969-11e1-8a63-1c7508db9d55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4b80ce1e-37cf-11e1-ac95-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{4b80ce1e-37cf-11e1-ac95-1c7508db9d55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5985cfdc-eb9d-11e1-b500-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{5985cfdc-eb9d-11e1-b500-1c7508db9d55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{5a58f543-679a-11e2-a279-ec1d4c033f9c}\Shell - "" = AutoRun
O33 - MountPoints2\{5a58f543-679a-11e2-a279-ec1d4c033f9c}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{676f51ee-e4d1-11e1-88e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{676f51ee-e4d1-11e1-88e4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6f9d048a-fd91-11e1-88ff-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{6f9d048a-fd91-11e1-88ff-1c7508db9d55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7f6477d6-f2c4-11e1-8f65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7f6477d6-f2c4-11e1-8f65-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{816bf65f-fc35-11e1-903c-68a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{816bf65f-fc35-11e1-903c-68a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{816bf667-fc35-11e1-903c-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{816bf667-fc35-11e1-903c-72a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{aba85c66-e2f5-11e1-890c-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{aba85c66-e2f5-11e1-890c-72a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{af01480a-ab68-11e0-a4be-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{af01480a-ab68-11e0-a4be-1c7508db9d55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bac0ea8e-e6f3-11e1-8920-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{bac0ea8e-e6f3-11e1-8920-72a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{bac0ea92-e6f3-11e1-8920-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{bac0ea92-e6f3-11e1-8920-72a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c0614883-3352-11e2-b6d6-68a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c0614883-3352-11e2-b6d6-68a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c107ce6e-e960-11e1-898e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c107ce6e-e960-11e1-898e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{cfcb762d-e58e-11e1-b556-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cfcb762d-e58e-11e1-b556-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d6cd47bf-2f1d-11e1-93c5-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{d6cd47bf-2f1d-11e1-93c5-1c7508db9d55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d6cd47dc-2f1d-11e1-93c5-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{d6cd47dc-2f1d-11e1-93c5-1c7508db9d55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d7100f17-e3f5-11e1-8a26-72a3c42d63ab}\Shell - "" = AutoRun
O33 - MountPoints2\{d7100f17-e3f5-11e1-8a26-72a3c42d63ab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{fc184485-ea1f-11e1-b5a9-1c7508db9d55}\Shell - "" = AutoRun
O33 - MountPoints2\{fc184485-ea1f-11e1-b5a9-1c7508db9d55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-12-15 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-12-15 20:37:23 | 000,000,000 | ---D | C] -- C:\Users\rachael\Documents\otl
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-12-15 21:10:42 | 002,097,152 | -HS- | M] () -- C:\Users\rachael\ntuser.dat
[2013-12-15 21:03:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-15 21:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-15 20:59:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-12-15 20:59:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-12-15 20:59:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-12-15 20:37:13 | 001,818,881 | -H-- | M] () -- C:\Users\rachael\AppData\Local\IconCache.db
[2013-12-15 19:55:04 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-15 19:55:04 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-15 19:54:04 | 000,714,754 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2013-12-15 19:54:04 | 000,620,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-12-15 19:54:04 | 000,107,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-12-15 19:47:10 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-12-15 19:47:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013-12-15 19:46:18 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{F1BDF94D-5194-4DF6-8C28-23496FF7F5AF}.job
[2013-12-15 19:46:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013-12-15 19:46:11 | 000,524,288 | -HS- | M] () -- C:\Users\rachael\ntuser.dat{819275f0-659e-11e3-8c0d-68a3c42d63ab}.TMContainer00000000000000000002.regtrans-ms
[2013-12-15 19:46:11 | 000,524,288 | -HS- | M] () -- C:\Users\rachael\ntuser.dat{819275f0-659e-11e3-8c0d-68a3c42d63ab}.TMContainer00000000000000000001.regtrans-ms
[2013-12-15 19:46:11 | 000,065,536 | -HS- | M] () -- C:\Users\rachael\ntuser.dat{819275f0-659e-11e3-8c0d-68a3c42d63ab}.TM.blf
[2013-12-15 19:46:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-15 19:45:55 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-12-15 19:46:11 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{819275f0-659e-11e3-8c0d-68a3c42d63ab}.TMContainer00000000000000000002.regtrans-ms
[2013-12-15 19:46:11 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{819275f0-659e-11e3-8c0d-68a3c42d63ab}.TMContainer00000000000000000001.regtrans-ms
[2013-12-15 19:46:11 | 000,065,536 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{819275f0-659e-11e3-8c0d-68a3c42d63ab}.TM.blf
[2013-08-29 21:09:57 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{4d650119-10ef-11e3-afb2-68a3c42d63ab}.TMContainer00000000000000000002.regtrans-ms
[2013-08-29 21:09:57 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{4d650119-10ef-11e3-afb2-68a3c42d63ab}.TMContainer00000000000000000001.regtrans-ms
[2013-08-29 21:09:57 | 000,065,536 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{4d650119-10ef-11e3-afb2-68a3c42d63ab}.TM.blf
[2013-03-20 14:50:29 | 000,000,063 | ---- | C] () -- C:\Users\rachael\AppData\Roaming\mbam.context.scan
[2012-11-28 00:08:47 | 000,000,418 | ---- | C] () -- C:\Windows\wininit.ini
[2012-09-14 21:46:11 | 001,432,368 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012-02-02 17:09:36 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{a0b0273a-4dc0-11e1-9026-68a3c42d63ab}.TMContainer00000000000000000002.regtrans-ms
[2012-02-02 17:09:36 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{a0b0273a-4dc0-11e1-9026-68a3c42d63ab}.TMContainer00000000000000000001.regtrans-ms
[2012-02-02 17:09:36 | 000,065,536 | -HS- | C] () -- C:\Users\rachael\ntuser.dat{a0b0273a-4dc0-11e1-9026-68a3c42d63ab}.TM.blf
[2011-12-25 17:36:28 | 000,076,288 | ---- | C] () -- C:\Users\rachael\2057.MST
[2011-12-25 17:36:25 | 020,194,276 | ---- | C] () -- C:\Users\rachael\Vodafone Mobile Broadband.msi
[2011-07-10 03:21:19 | 001,818,881 | -H-- | C] () -- C:\Users\rachael\AppData\Local\IconCache.db
[2011-07-10 02:57:05 | 000,058,640 | ---- | C] () -- C:\Users\rachael\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-07-10 02:56:51 | 002,097,152 | -HS- | C] () -- C:\Users\rachael\ntuser.dat
[2011-07-10 02:56:51 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011-07-10 02:56:51 | 000,524,288 | -HS- | C] () -- C:\Users\rachael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011-07-10 02:56:51 | 000,065,536 | -HS- | C] () -- C:\Users\rachael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011-07-10 02:56:51 | 000,000,020 | -HS- | C] () -- C:\Users\rachael\ntuser.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 14:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013-12-15 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\BabSolution
[2013-12-15 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\Delta
[2013-12-15 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\File Scout
[2012-11-27 16:24:55 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\Gadu-Gadu 10
[2013-08-30 06:08:59 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\GG
[2012-07-29 23:32:48 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\MusicNet
[2012-11-28 00:05:17 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\Nowe Gadu-Gadu
[2012-11-27 19:44:24 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\OpenFM
[2012-12-13 14:10:12 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\SoftGrid Client
[2012-12-05 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\TFP
[2011-07-12 07:06:03 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\Tific
[2012-04-15 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\TP
[2011-07-10 03:16:49 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\Vodafone
[2012-11-29 10:58:32 | 000,000,000 | ---D | M] -- C:\Users\rachael\AppData\Roaming\WildTangent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
< End of report >
 