
skwiatek

Problem, memory card and Removable Disk


Hello.

I have a problem with my memory card. After I insert it into the laptop's card reader, there is a Removable Disk shortcut on the memory card. When I open it, I get into the memory card, but almost nothing that was on it is there. I don't know what caused this. Could someone help me recover the files and get rid of this damn thing?

I'll add that when I put the memory card into my phone, nothing on it is visible there either.

04 - HKLM\..\Policies\Explorer\run : [15397] C:\PROGRA~3\LOCALS~1\Temp\ccvjver.bat

04 - HKLM64\..\Policies\Explorer\run : [15397] C:\PROGRA~3\LOCALS~1\Temp\ccvjver.bat

The infection is on your hard drive.

Strange that USBFix did not remove it.

Run OTL and paste this into the Custom Scans/Fixes box:

:Files

C:\PROGRA~3\LOCALS~1\Temp\ccvjver.bat

ccvjver.bat /alldrives

F:\*.lnk

attrib /d /s -s -h F:\* /C

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

"15397"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\policies\explorer\run]

"15397"=-

 

:Commands

[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, and this time click Run Scan.

Post the new OTL.txt log and the report from the script removal.

Go to drive F. On it there is a "nameless" folder into which the infection moved all the data.

Move the files from that folder one level up, then delete the "nameless" folder with SHIFT+DEL.

Make a new USBFix log using the LISTING option.

 

F.
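One way to triage autostart lines like the two quoted at the top of this answer, as an added example that is not part of the original post: it parses O4-style entries and flags those that combine several traits ordinary Run entries lack. The scoring rules, the threshold of two and the function names are assumptions made for this illustration; the first two sample lines are the entries quoted above and the rest are ordinary Run entries in OTL's O4 format.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Script types that rarely belong in an autostart entry (illustrative list).
SCRIPT_EXTS = {"bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "ps1"}

# "04 - HKLM\..\Policies\Explorer\run : [15397] C:\...\x.bat"   (as quoted above)
# "O4 - HKLM..\Run: [Name] C:\...\x.exe (Company)"              (OTL format)
ENTRY_RE = re.compile(
    r"^[O0]4(?::64bit:)?\s*-\s*(?P<key>HK\S*?)\s*:\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.+)$",
    re.IGNORECASE,
)
# Shortest drive-rooted path that ends in an extension followed by space or EOL,
# so "C:\Program Files (x86)\..." works and a trailing "(Company)" is dropped.
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.(?P<ext>[A-Za-z0-9]{1,4}))(?=\s|$)")


class Finding(NamedTuple):
    key: str
    name: str
    path: str
    reasons: List[str]


def parse_entry(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Return (key, value name, target path, extension) or None if not an O4 line."""
    line = re.sub(r"\[/?b\]", "", line.strip())  # forum BBCode left in pasted logs
    m = ENTRY_RE.match(line)
    if not m:
        return None
    p = PATH_RE.search(m.group("rest"))
    if not p:
        return None
    return m.group("key"), m.group("name"), p.group("path"), p.group("ext").lower()


def score_entry(key: str, name: str, path: str, ext: str) -> List[str]:
    """Collect the heuristic reasons that apply to one autostart entry."""
    reasons = []
    if re.search(r"policies\\explorer\\run$", key, re.IGNORECASE):
        reasons.append("policies-run-key")
    folders = [part.lower() for part in path.split("\\")[:-1]]
    if "temp" in folders or "tmp" in folders:
        reasons.append("target-in-temp")
    if ext in SCRIPT_EXTS:
        reasons.append("script-target")
    if name.isdigit():
        reasons.append("numeric-value-name")
    return reasons


def triage(lines: List[str], threshold: int = 2) -> List[Finding]:
    """Return the entries that match at least `threshold` heuristics."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = score_entry(*entry)
        if len(reasons) >= threshold:
            findings.append(Finding(entry[0], entry[1], entry[2], reasons))
    return findings


SAMPLE_LINES = [
    # The two entries quoted in the answer above.
    r"04 - HKLM\..\Policies\Explorer\run : [15397] C:\PROGRA~3\LOCALS~1\Temp\ccvjver.bat",
    r"04 - HKLM64\..\Policies\Explorer\run : [15397] C:\PROGRA~3\LOCALS~1\Temp\ccvjver.bat",
    # Ordinary Run entries in OTL's O4 format, for contrast.
    r"O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)",
    r"O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)",
    # Not an autostart line; must be ignored by the parser.
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.key} [{f.name}] -> {f.path}: {', '.join(f.reasons)}")
```

A hit is only a prompt to look at the file and the registry value by hand; a legitimate policy-deployed logon script can match the first heuristic on its own, which is why a single reason is not enough to flag an entry.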


All processes killed
========== FILES ==========
File\Folder C:\PROGRA~3\LOCALS~1\Temp\ccvjver.bat not found.
ccvjver.bat not found in C:\
ccvjver.bat not found in D:\
ccvjver.bat not found in F:\
ccvjver.bat not found in H:\
File\Folder F:\*.lnk not found.
< attrib /d /s -s -h F:\* /C >
Nie można zmienić atrybutu - F:\Autorun.inf\lpt1.UsbFix
C:\Users\Maciek\Downloads\cmd.bat deleted successfully.
C:\Users\Maciek\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\15397 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\policies\explorer\run\\15397 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Maciek
->Temp folder emptied: 2638996 bytes
->Temporary Internet Files folder emptied: 16325664 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31077229 bytes
->Flash cache emptied: 3108 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 874 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02162014_100807

Files\Folders moved on Reboot...
C:\Users\Maciek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Maciek\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

Scan:

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1147C6F5-4E4E-4983-AC02-6A7C4A175F50}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6667D29-D41B-42CD-86FC-C8DDF0DAB9A4}: DhcpNameServer = 192.168.10.100
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:[b]64bit:[/b] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-11-18 16:14:40 | 000,008,900 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O32 - AutoRun File - [2014-02-15 19:50:16 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014-02-15 19:50:18 | 000,000,000 | R--D | M] - F:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012-04-25 09:51:38 | 000,536,936 | R--- | M] (Gaming Minds Studios GmbH) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2012-04-25 09:51:38 | 000,420,633 | R--- | M] () - H:\autodata.zip -- [ CDFS ]
O32 - AutoRun File - [2012-04-25 09:51:38 | 000,000,047 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-02-16 10:08:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-02-15 15:34:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-02-15 15:14:29 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
[2014-02-15 15:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\View-Password
[2014-02-15 15:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsbullFilter
[2014-02-15 15:13:42 | 000,000,000 | ---D | C] -- C:\temp
[2014-02-15 15:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014-02-15 14:58:27 | 000,000,000 | ---D | C] -- C:\UsbFix
[2014-02-15 14:04:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-02-15 14:03:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014-02-15 12:29:18 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\ja
[2014-02-15 03:02:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014-02-15 03:01:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-02-15 03:01:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-02-15 03:01:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-02-15 03:01:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-02-15 03:01:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-02-15 03:01:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-02-15 03:01:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-02-15 03:01:22 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-02-15 03:01:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-02-15 03:01:22 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-02-15 03:01:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-02-15 03:01:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-02-15 03:01:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-02-15 03:01:21 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-02-15 03:01:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-02-15 03:01:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-02-15 03:01:18 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-02-15 03:01:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014-02-15 03:01:18 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-02-15 03:01:17 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-02-15 03:01:15 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-02-15 03:01:14 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-02-15 03:01:04 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-02-15 02:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014-02-14 14:45:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014-02-14 14:45:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014-02-14 14:45:40 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014-02-14 14:45:40 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014-02-14 14:45:40 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014-02-14 14:45:40 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014-02-14 14:45:40 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014-02-14 14:45:39 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014-02-14 14:45:39 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014-02-14 14:45:39 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014-02-14 14:45:39 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014-02-14 14:45:39 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014-02-14 14:45:39 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014-02-14 14:45:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014-02-14 14:45:39 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014-02-14 14:45:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014-02-14 14:45:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014-02-14 14:45:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014-02-14 14:45:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014-02-14 14:45:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014-02-14 14:45:13 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014-02-11 17:53:13 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\52 debiec
[2014-02-09 17:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2014-02-09 17:58:39 | 000,000,000 | ---D | C] -- C:\TMP
[2014-02-07 16:14:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2014-02-07 15:54:07 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\Moje muzyki na youtuba
[2014-02-07 15:50:14 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\{94549A75-FE16-4730-8E9C-EDD46EBB50FD}
[2014-02-07 15:50:14 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\{424037B3-B9A5-4999-80A1-44827425AADE}
[2014-02-07 15:41:00 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Modiac
[2014-02-07 15:41:00 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\Modiac
[2014-02-07 15:40:53 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modiac MP3 to AVI Audio Converter
[2014-02-07 15:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Modiac
[2014-02-07 11:58:07 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\na fotke
[2014-02-05 17:21:34 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Microgaming
[2014-02-05 17:19:42 | 000,000,000 | ---D | C] -- C:\Microgaming
[2014-02-05 17:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2014-02-05 16:35:07 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\Skype
[2014-02-05 16:35:02 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Skype
[2014-02-05 16:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014-02-05 16:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014-02-05 16:34:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014-02-05 16:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014-02-05 16:25:01 | 035,671,200 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Maciek\Desktop\SkypeSetupFull.exe
[2014-02-03 00:42:23 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Real
[2014-02-02 23:56:36 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\tapety xperia
[2014-02-02 10:53:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-02-02 10:52:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-02-02 10:52:57 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-02-02 10:52:57 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-02-02 10:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-02-01 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\PokerStars
[2014-02-01 17:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2014-01-22 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Kalypso Media
[2014-01-22 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\obraz windows
[2014-01-22 09:54:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2014-01-22 09:43:58 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2014-01-22 09:43:58 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\Apps
[2014-01-20 17:42:44 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\htc

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-02-16 10:12:18 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\View Password Update.job
[2014-02-16 10:12:14 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\View Password_wd.job
[2014-02-16 10:10:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2014-02-16 10:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-02-16 10:10:24 | 2800,361,472 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-16 09:52:27 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-02-16 09:52:15 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1908969247-3456417596-3107910264-1002UA.job
[2014-02-15 19:56:18 | 000,023,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-02-15 19:56:18 | 000,023,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-02-15 19:48:56 | 000,001,450 | ---- | M] () -- C:\Users\Maciek\Desktop\UsbFix.lnk
[2014-02-15 18:20:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1908969247-3456417596-3107910264-1002Core.job
[2014-02-15 15:37:07 | 000,001,305 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014-02-15 15:14:19 | 001,474,348 | ---- | M] () -- C:\Users\Maciek\Desktop\1345617840-removal-media-data-recovery-demo.exe
[2014-02-15 13:41:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014-02-15 13:26:42 | 001,702,830 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-02-15 13:26:42 | 000,752,536 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-02-15 13:26:42 | 000,666,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-02-15 13:26:42 | 000,160,160 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-02-15 13:26:42 | 000,126,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-02-15 11:02:31 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2014-02-15 10:46:08 | 000,277,707 | ---- | M] () -- C:\Users\Maciek\Desktop\LAMPA.jpg
[2014-02-15 03:04:47 | 001,675,436 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-02-13 13:54:00 | 000,093,402 | ---- | M] () -- C:\Users\Maciek\Desktop\1798874_596131360461035_2022485029_n.jpg
[2014-02-07 15:53:26 | 000,556,700 | ---- | M] () -- C:\Users\Maciek\Desktop\kwiat3k.png
[2014-02-07 15:40:53 | 000,001,379 | ---- | M] () -- C:\Users\Maciek\Desktop\Modiac MP3 to AVI Audio Converter.lnk
[2014-02-06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-02-06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-02-06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-02-06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-02-06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-02-06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-02-06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-02-06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-02-06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-02-06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-02-06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-02-06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-02-06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-02-06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-02-06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-02-06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-02-06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-02-06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-02-06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-02-06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-02-06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-02-06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014-02-05 17:36:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-02-05 17:36:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-02-05 17:19:34 | 000,670,896 | ---- | M] () -- C:\Users\Maciek\Desktop\BetssonMPNpoker.exe
[2014-02-05 16:34:49 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014-02-05 16:25:52 | 035,671,200 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Maciek\Desktop\SkypeSetupFull.exe
[2014-02-01 19:19:12 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014-01-31 15:34:18 | 003,034,756 | ---- | M] () -- C:\Users\Maciek\Desktop\Music Player Pro.apk
[2014-01-31 15:07:44 | 001,974,772 | ---- | M] () -- C:\Users\Maciek\Desktop\Zedge 3.3.1.apk
[2014-01-25 14:29:31 | 001,725,074 | ---- | M] () -- C:\Users\Maciek\Desktop\Najszybszy Wóz w Mieście.mp3
[2014-01-22 11:36:07 | 000,001,606 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2014-01-22 09:43:58 | 000,002,538 | ---- | M] () -- C:\Users\Maciek\Desktop\Windows 7 USB DVD Download Tool.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-02-15 15:14:19 | 001,474,348 | ---- | C] () -- C:\Users\Maciek\Desktop\1345617840-removal-media-data-recovery-demo.exe
[2014-02-15 15:14:06 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\View Password Update.job
[2014-02-15 15:14:05 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\View Password_wd.job
[2014-02-15 14:58:28 | 000,001,450 | ---- | C] () -- C:\Users\Maciek\Desktop\UsbFix.lnk
[2014-02-15 11:02:31 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2014-02-15 10:42:12 | 000,277,707 | ---- | C] () -- C:\Users\Maciek\Desktop\LAMPA.jpg
[2014-02-13 13:54:00 | 000,093,402 | ---- | C] () -- C:\Users\Maciek\Desktop\1798874_596131360461035_2022485029_n.jpg
[2014-02-07 15:53:26 | 000,556,700 | ---- | C] () -- C:\Users\Maciek\Desktop\kwiat3k.png
[2014-02-07 15:40:53 | 000,001,379 | ---- | C] () -- C:\Users\Maciek\Desktop\Modiac MP3 to AVI Audio Converter.lnk
[2014-02-05 17:19:34 | 000,670,896 | ---- | C] () -- C:\Users\Maciek\Desktop\BetssonMPNpoker.exe
[2014-02-05 16:34:49 | 000,002,699 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014-02-01 19:19:12 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014-01-31 15:34:10 | 003,034,756 | ---- | C] () -- C:\Users\Maciek\Desktop\Music Player Pro.apk
[2014-01-31 15:07:54 | 001,974,772 | ---- | C] () -- C:\Users\Maciek\Desktop\Zedge 3.3.1.apk
[2014-01-25 14:29:29 | 001,725,074 | ---- | C] () -- C:\Users\Maciek\Desktop\Najszybszy Wóz w Mieście.mp3
[2014-01-22 11:36:07 | 000,001,606 | ---- | C] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2014-01-22 09:43:58 | 000,002,538 | ---- | C] () -- C:\Users\Maciek\Desktop\Windows 7 USB DVD Download Tool.lnk
[2014-01-06 00:36:04 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014-01-06 00:36:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013-11-07 18:10:56 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013-11-07 18:10:56 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013-11-07 17:06:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013-11-07 17:06:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013-11-07 12:16:38 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013-04-08 11:50:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2013-04-03 23:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-10-20 00:00:15 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Make a new log with USBFix using the LISTING option.

You haven't done that yet.

F.


Here you go.

############################## | UsbFix V 7.164 | [Listing]

User: Maciek (Administrator) # MACIEK-KOMPUTER
Updated05/02/2014 by El Desaparecido - Team SosVirus
Started at 14:00:47 | 16/02/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K53TK)
CPU: AMD A6-3420M APU with Radeon(tm) HD Graphics
RAM -> [Total : 3561 Mo| Free : 2146 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
WB: Mozilla Firefox : 27.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 125 Gb (35 Mb free - 28%) [OS] # NTFS
D:\ -> Fixed drive # 148 Gb (20 Mb free - 13%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 15 Gb (8 Mb free - 57%) [] # FAT32
H:\ -> CD-ROM

################## | Listing Beta |

[15/02/2014 - 14:04:30 | SHD] - C:\$RECYCLE.BIN
[15/02/2014 - 15:35:50 | D] - C:\AdwCleaner
[12/11/2013 - 09:51:40 | D] - C:\AMD
[11/10/2011 - 20:37:11 | N | 0 Ko] - C:\ASUS.md5
[20/10/2011 - 00:08:30 | D] - C:\AsusVibeData
[18/11/2013 - 16:14:40 | N | 9 Ko | E99F5517F5014F4098E6E70AE0CD620C] - C:\AutoMapaSetupLog.txt
[29/07/2009 - 07:03:34 | D] - C:\Boot
[14/07/2009 - 02:38:58 | RASH | 375 Ko] - C:\bootmgr
[29/07/2009 - 07:03:37 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[04/04/2013 - 00:01:51 | N | 14 Ko | B81D385DE5C36298A0053A405F4161F9] - C:\devlist.txt
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[03/04/2013 - 23:46:03 | D] - C:\eSupport
[04/04/2013 - 00:01:51 | N | 0 Ko] - C:\Finish.log
[16/02/2014 - 10:10:24 | ASH | 2734728 Ko] - C:\hiberfil.sys
[18/11/2011 - 11:17:57 | N | 2048 Ko] - C:\K43TK.BIN
[01/12/2011 - 03:36:37 | N | 0 Ko] - C:\K43TK_K53TK_K73TK_WIN7.20
[05/02/2014 - 17:19:42 | D] - C:\Microgaming
[30/11/2013 - 16:20:57 | RD] - C:\MSOCache
[16/02/2014 - 10:10:29 | ASH | 3646304 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[15/02/2014 - 15:13:50 | D] - C:\Program Files
[15/02/2014 - 15:35:50 | D] - C:\Program Files (x86)
[09/02/2014 - 17:58:47 | D] - C:\ProgramData
[08/04/2013 - 11:47:12 | D] - C:\Recovery
[01/12/2011 - 03:36:37 | N | 0 Ko] - C:\RECOVERY.DAT
[03/04/2013 - 23:38:50 | N | 2 Ko] - C:\RHDSetup.log
[03/04/2013 - 23:44:03 | N | 0 Ko] - C:\setup.log
[16/02/2014 - 03:00:23 | SHD] - C:\System Volume Information
[15/02/2014 - 15:13:48 | D] - C:\temp
[09/02/2014 - 17:58:39 | D] - C:\TMP
[16/02/2014 - 14:00:42 | D] - C:\UsbFix
[15/02/2014 - 15:47:28 | N | 10 Ko | 6669688A1ABE396EDED253B427708E7E] - C:\UsbFix [Clean 2] MACIEK-KOMPUTER.txt
[15/02/2014 - 19:50:17 | A | 10 Ko | E3917C7A7F879202A333B79584C9F5F1] - C:\UsbFix [Clean 4] MACIEK-KOMPUTER.txt
[16/02/2014 - 14:00:50 | A | 3 Ko | 2DF0A0ADDD954CF6D14D883C12278C82] - C:\UsbFix [Listing 1] MACIEK-KOMPUTER.txt
[15/02/2014 - 15:03:04 | N | 8 Ko | 42EA521246CE4FFF4EADAAE843FD8362] - C:\UsbFix [scan 1] MACIEK-KOMPUTER.txt
[08/04/2013 - 11:49:35 | D] - C:\Users
[15/02/2014 - 15:50:21 | D] - C:\Windows
[16/02/2014 - 10:08:07 | D] - C:\_OTL
[08/04/2013 - 11:50:24 | D] - D:\$RECYCLE.BIN
[15/02/2014 - 19:50:16 | RASHD] - D:\Autorun.inf
[28/12/2013 - 12:41:28 | D] - D:\Dodatki
[09/02/2014 - 18:20:18 | D] - D:\Filmy
[01/01/2014 - 10:54:05 | D] - D:\Focisze
[15/02/2014 - 10:59:05 | D] - D:\Gry
[03/02/2014 - 21:26:35 | D] - D:\mmuuuzaaa
[15/02/2014 - 11:02:35 | D] - D:\msdownld.tmp
[15/02/2014 - 03:33:53 | D] - D:\Obrazy gier
[03/04/2013 - 23:26:40 | SHD] - D:\System Volume Information
[15/02/2014 - 12:59:00 | D] - F:\ 
[15/02/2014 - 19:50:18 | RAD] - F:\Autorun.inf

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

[15/02/2014 - 12:59:00 | D] - F:\

I see that the unnamed folder is still there, so you did not carry out this recommendation:

Go to drive F. On it there is an "unnamed" folder into which the infection moved all the data.

Move the files from that folder one level up, then delete the "unnamed" folder with SHIFT+DEL.

Write back with the result.

F.


Well, it's OK. Sort of... I lost all the photos from the memory card.


Well, it's OK. Sort of... I lost all the photos from the memory card.

Weren't they in that unnamed folder?

F.


There was a folder where they should have been, but it is empty.

Then I don't know how they disappeared.

F.
