
Need Help please more than 3k viruses and returning


9 replies to this topic

#1 kwik129

Posted 11 May 2017 - 06:35 AM

Hi, I'm in big need of help. I have some stupid viruses, I don't know from where. Viruses like qqbrowses, winsap, winsnare, kitty.exe, bagsarah etc. I deleted them with Malwarebytes and thought it would be okay, but to my surprise after a couple of days they have returned. I don't know what to do. I have the latest version of Malwarebytes and Anti-Exploit.


Edited by hamluis, 11 May 2017 - 08:10 AM.
Moved from MRL to Am I Infected - Hamluis.




#2 boopme


Posted 11 May 2017 - 08:52 AM

Welcome kwik

Look in your Control Panel, Remove programs for a Kitty app and uninstall. Restart machine.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • Report FF Proxy Settings
      • Reset FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#3 kwik129


Posted 21 May 2017 - 05:43 PM

Sorry for the late response, I had no internet due to the viruses. I'll upload soon. I also have an odd situation: MBAM deleted the viruses OK, then I found, probably in the Windows folder (I don't remember), a file that was made in the year 1900. I took a screenshot but I can't find it. When I deleted this file my PC went berserk; any app is running at 100% CPU. When I run the "fixing tool" when turning on the PC, it says the problem is an unknown change in the Windows config.



#4 kwik129


Posted 23 May 2017 - 01:07 PM

FIRST SCANS

 

ADW CLEANER

____________________________________________________________________________________

# AdwCleaner v6.047 - raport utworzono 22/05/2017 o 01:25:24
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Skanowanie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

Wykryto usługę: BCUService
Wykryto usługę: bcuservice
Wykryto usługę: SNARE

***** [ Foldery ] *****

Wykryto folder: C:\Program Files (x86)\DeviceVM
Wykryto folder: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Wykryto folder: C:\Program Files (x86)\reports
Wykryto folder: C:\Users\Arleta\AppData\Roaming\Firefox
Wykryto folder: C:\Users\Arleta\AppData\Local\Firefox
Wykryto folder: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

***** [ Pliki ] *****

Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\gamingwonderland.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\internetspeedtracker.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\televisionfanatic.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\www.clipconverter[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\gamingwonderland.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\getvideoconvert.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\internetspeedtracker.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\televisionfanatic.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\KT9V6JSE\filmfanatic2.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\a.clipconverter[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\filmfanatic2.dl.myway[1].xml
Wykryto plik: C:\Program Files (x86)\settings.dat
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage-journal

***** [ DLL ] *****

Nie wykryto szkodliwych bibliotek DLL.

***** [ WMI ] *****

Nie wykryto szkodliwych kluczy.

***** [ Skróty ] *****

Nie wykryto zainfekowanych skrótów.

***** [ Zaplanowane zadania ] *****

Nie wykryto szkodliwych zadań.

***** [ Rejestr ] *****

Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\a.clipconverter.cc
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\clipconverter.cc
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getvideoconvert.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.clipconverter.cc
Wykryto klucz: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Wykryto klucz: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Wykryto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Wykryto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wykryto klucz: HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Wykryto klucz: HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Wykryto klucz: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Wykryto wartość: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Wykryto klucz: HKU\.DEFAULT\Software\ompndb
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\GetPrivate
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\PRODUCTSETUP
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\WinSnare
Wykryto klucz: HKU\S-1-5-18\Software\ompndb
Wykryto klucz: HKCU\Software\GetPrivate
Wykryto klucz: HKCU\Software\PRODUCTSETUP
Wykryto klucz: HKCU\Software\WinSnare
Wykryto klucz: HKLM\SOFTWARE\ompndb
Wykryto klucz: HKLM\SOFTWARE\amule-custom
Wykryto klucz: HKLM\SOFTWARE\SoEasySvc
Wykryto klucz: HKLM\SOFTWARE\Bagsarah
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
Wykryto klucz: [x64] HKCU\Software\GetPrivate
Wykryto klucz: [x64] HKCU\Software\PRODUCTSETUP
Wykryto klucz: [x64] HKCU\Software\WinSnare
Wykryto klucz: [x64] HKLM\SOFTWARE\ompndb
Wykryto klucz: [x64] HKLM\SOFTWARE\InterSect Alliance
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]

***** [ Przeglądarki internetowe ] *****

Nie wykryto szkodliwych obiektów w przeglądarkach opartych na Firefoksie.
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - omniboxes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - delta-homes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.delta-homes.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - audio-amplifier-pro.en.softonic.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - startpageing123.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - startpageing123
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - audio-amplifier-pro.en.softonic.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - omniboxes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - delta-homes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - search.delta-homes.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [12165 bajty] - [22/05/2017 01:25:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12239 bajty] ##########

___________________________________________________________________________________

 

 

 

 

JRT SCAN

________________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Arleta (Administrator) on 2017-05-22 at  1:30:23,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 50

Successfully deleted: C:\ai_recyclebin (Folder)
Successfully deleted: C:\ProgramData\alawarwrapper (Folder)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel (Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal (File)
Successfully deleted: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage (File)
Successfully deleted: C:\Users\Arleta\AppData\Roaming\alawar (Folder)
Successfully deleted: C:\users\Public\Documents\alawarwrapper (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\GUTC9A7.tmp (File)

 

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\BCUService (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-05-22 at  1:39:34,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

MTB

_____________________________________________________________________________

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Arleta (administrator) on 22-05-2017 at 00:43:25
Running from "C:\Users\Arleta\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: N68S3+ Manufacturer: BIOSTAR Group
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Konfiguracja IP systemu Windows

Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 www.mirillis.com
127.0.0.1 s0ft4pc.com
127.0.0.1 serwer2.paka-service.com
127.0.0.1 https://www.youtube.com/watch?v=AlJd1uwLWSA&index=68&list=PLpGUOXjyiIcYiBug4-0uIvp9D6WIDrzxu
127.0.0.1 http://www.cda.pl/video/5496855c
127.0.0.1 https://apps.facebook.com/wiejskiezycie/?ref_notif=C20150127&fb_source=notification&ref=notif&notif_t=app_notification
127.0.0.1 https://apps.facebook.com/cross-stitch-world/?fb_source=sidebar_bookmark
127.0.0.1 https://apps.facebook.com/cross-stitch-world
127.0.0.1 apps.facebook.com/cross-stitch-world
127.0.0.1 www.facebook.com/cross-stitch-world128.199.121.125                   skisaaydp.com
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com
74.86.5.247 apowersoft.com
127.0.0.1 74.86.5.247
127.0.0.1 bandicam.com
========================= IP Configuration: ================================

GlobeTrotter GI0505 - Network Interface = Komórkowe połączenie szerokopasmowe 5 (Connected)
Kontroler sieci NVIDIA nForce = Połączenie lokalne 2 (Media disconnected)

# ----------------------------------
# Konfiguracja IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# Koniec konfiguracji IPv4

 

Konfiguracja IP systemu Windows

   Nazwa hosta . . . . . . . . . . . : Arleta-Komputer
   Sufiks podstawowej domeny DNS . . :
   Typ węzła . . . . . . . . . . . . : Hybrydowy
   Routing IP włączony . . . . . . . : Nie
   Serwer WINS Proxy włączony. . . . : Nie

Karta komórkowego połączenia szerokopasmowego Komórkowe połączenie szerokopasmowe 5:

   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : GlobeTrotter GI0505 - Network Interface #3
   Adres fizyczny. . . . . . . . . . :
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
   Adres IPv4. . . . . . . . . . . . . : 10.254.181.251(Preferowane)
   Maska podsieci. . . . . . . . . . : 255.255.255.255
   Brama domyślna. . . . . . . . . . : 10.254.181.252
   Serwery DNS . . . . . . . . . . . : 194.204.159.1
                                       194.204.152.34
   NetBIOS przez Tcpip . . . . . . . : Włączony

Karta Ethernet Połączenie lokalne 2:

   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Kontroler sieci NVIDIA nForce
   Adres fizyczny. . . . . . . . . . : 00-30-67-88-07-08
   DHCP włączone . . . . . . . . . . : Tak
   Autokonfiguracja włączona . . . . : Tak

Karta tunelowa isatap.{8233B5F5-ABF5-42B8-AA0A-1C551190EF5B}:

   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak

Karta tunelowa isatap.{BEB6F863-2C50-4614-947A-7E67B5A96F25}:

   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #2
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak

Karta tunelowa Teredo Tunneling Pseudo-Interface:

   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
   Adres IPv6. . . . . . . . . . . . : 2001:0:9d38:90d7:83c:d8a:f501:4a04(Preferowane)
   Adres IPv6 połączenia lokalnego . : fe80::83c:d8a:f501:4a04%14(Preferowane)
   Brama domyślna. . . . . . . . . . : ::
   NetBIOS przez Tcpip . . . . . . . : Wyłączony
Serwer:  dns.tpsa.pl
Address:  194.204.159.1

Nazwa:   google.com
Addresses:  2a00:1450:401b:800::200e
   172.217.20.206
   172.217.20.206
   172.217.20.206

Badanie google.com [172.217.20.206] z 32 bajtami danych:
Odpowiedź z 172.217.20.206: bajtów=32 czas=78ms TTL=51
Odpowiedź z 172.217.20.206: bajtów=32 czas=77ms TTL=51

Statystyka badania ping dla 172.217.20.206:
    Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
             (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
    Minimum = 77 ms, Maksimum = 78 ms, Czas średni = 77 ms
Serwer:  dns.tpsa.pl
Address:  194.204.159.1

Nazwa:   yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   206.190.36.45
   98.139.183.24
   98.138.253.109

Badanie yahoo.com [98.138.253.109] z 32 bajtami danych:
Odpowiedź z 98.138.253.109: bajtów=32 czas=188ms TTL=46
Odpowiedź z 98.138.253.109: bajtów=32 czas=188ms TTL=46

Statystyka badania ping dla 98.138.253.109:
    Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
             (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
    Minimum = 188 ms, Maksimum = 188 ms, Czas średni = 188 ms

Badanie 127.0.0.1 z 32 bajtami danych:
Odpowiedź z 127.0.0.1: bajtów=32 czas<1 ms TTL=128
Odpowiedź z 127.0.0.1: bajtów=32 czas<1 ms TTL=128

Statystyka badania ping dla 127.0.0.1:
    Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
             (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
    Minimum = 0 ms, Maksimum = 0 ms, Czas średni = 0 ms
===========================================================================
Lista interfejsów
 17...........................GlobeTrotter GI0505 - Network Interface #3
 12...00 30 67 88 07 08 ......Kontroler sieci NVIDIA nForce
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP
 22...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP #2
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

Tabela tras IPv4
===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci   Maska sieci      Brama          Interfejs Metryka
          0.0.0.0          0.0.0.0   10.254.181.252   10.254.181.251    286
   10.254.181.251  255.255.255.255         On-link    10.254.181.251    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Trasy trwałe:
  Brak

Tabela tras IPv6
===========================================================================
Aktywne trasy:
 Jeśli Metryka Miejsce docelowe w sieci      Brama
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:90d7:83c:d8a:f501:4a04/128
                                    On-link
 14    306 fe80::/64                On-link
 14    306 fe80::83c:d8a:f501:4a04/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
===========================================================================
Trasy trwałe:
  Brak
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/22/2017 12:42:01 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x39c
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/22/2017 12:36:04 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xf6c
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/22/2017 12:36:00 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xe74
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/22/2017 12:35:56 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x8c8
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/22/2017 12:05:13 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: FlashPlayerUpdateService.exe, wersja: 20.0.0.228, sygnatura czasowa: 0x56c53601
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000
Identyfikator procesu powodującego błąd: 0xe04
Godzina uruchomienia aplikacji powodującej błąd: 0xFlashPlayerUpdateService.exe0
Ścieżka aplikacji powodującej błąd: FlashPlayerUpdateService.exe1
Ścieżka modułu powodującego błąd: FlashPlayerUpdateService.exe2
Identyfikator raportu: FlashPlayerUpdateService.exe3

Error: (05/21/2017 11:51:21 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x85c
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/21/2017 11:51:08 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x9dc
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/21/2017 11:05:25 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: AdobeARM.exe, wersja: 1.824.21.4663, sygnatura czasowa: 0x58a2ce33
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000
Identyfikator procesu powodującego błąd: 0xa88
Godzina uruchomienia aplikacji powodującej błąd: 0xAdobeARM.exe0
Ścieżka aplikacji powodującej błąd: AdobeARM.exe1
Ścieżka modułu powodującego błąd: AdobeARM.exe2
Identyfikator raportu: AdobeARM.exe3

Error: (05/21/2017 10:55:23 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: NvTmMon.exe, wersja: 24.0.0.0, sygnatura czasowa: 0x58cfb008
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000
Identyfikator procesu powodującego błąd: 0x428
Godzina uruchomienia aplikacji powodującej błąd: 0xNvTmMon.exe0
Ścieżka aplikacji powodującej błąd: NvTmMon.exe1
Ścieżka modułu powodującego błąd: NvTmMon.exe2
Identyfikator raportu: NvTmMon.exe3

Error: (05/21/2017 06:10:45 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: AcroRd32.exe, wersja: 11.0.20.17, sygnatura czasowa: 0x585ef3aa
Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.23418, sygnatura czasowa: 0x5708a73e
Kod wyjątku: 0xc0000374
Przesunięcie błędu: 0x000ce843
Identyfikator procesu powodującego błąd: 0x6f8
Godzina uruchomienia aplikacji powodującej błąd: 0xAcroRd32.exe0
Ścieżka aplikacji powodującej błąd: AcroRd32.exe1
Ścieżka modułu powodującego błąd: AcroRd32.exe2
Identyfikator raportu: AcroRd32.exe3

System errors:
=============
Error: (05/22/2017 12:41:57 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:37:49 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:53 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:37 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:36 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:36 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:33 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:29 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:29 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/22/2017 12:35:27 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

 

Microsoft Office Sessions:
=========================
Error: (05/22/2017 12:42:01 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e339c01d2d283756bbf30C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exeb4015a20-3e76-11e7-ae21-003067880708

Error: (05/22/2017 12:36:04 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3f6c01d2d282a0e4db20C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exedf0f0a10-3e75-11e7-ae21-003067880708

Error: (05/22/2017 12:36:00 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3e7401d2d2829e77abb0C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exedca1b390-3e75-11e7-ae21-003067880708

Error: (05/22/2017 12:35:56 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e38c801d2d27e2f0a2928C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exeda5fb2d0-3e75-11e7-ae21-003067880708

Error: (05/22/2017 12:05:13 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe20.0.0.22856c53601unknown0.0.0.000000000c000000500000000e0401d2d27e4ecca768C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeunknown90224cb8-3e71-11e7-ae21-003067880708

Error: (05/21/2017 11:51:21 PM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e385c01d2d27c61ce81f8C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exea002bb38-3e6f-11e7-ae21-003067880708

Error: (05/21/2017 11:51:08 PM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e39dc01d2d24e38204a40C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe97fa51d0-3e6f-11e7-ae21-003067880708

Error: (05/21/2017 11:05:25 PM) (Source: Application Error)(User: )
Description: AdobeARM.exe1.824.21.466358a2ce33unknown0.0.0.000000000c000000500000000a8801d2d275e742d0c0C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeunknown34d36980-3e69-11e7-ae21-003067880708

Error: (05/21/2017 10:55:23 PM) (Source: Application Error)(User: )
Description: NvTmMon.exe24.0.0.058cfb008unknown0.0.0.000000000c00000050000000042801d2d274827f0740C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exeunknownce4dbc20-3e67-11e7-ae21-003067880708

Error: (05/21/2017 06:10:45 PM) (Source: Application Error)(User: )
Description: AcroRd32.exe11.0.20.17585ef3aantdll.dll6.1.7601.234185708a73ec0000374000ce8436f801d2d24936b8e450C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeC:\Windows\SysWOW64\ntdll.dll0b1efa10-3e40-11e7-ae21-003067880708

CodeIntegrity Errors:
===================================
  Date: 2017-05-18 15:21:05.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:05.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:05.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:05.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:04.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:04.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:04.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:04.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:20:32.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:20:32.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

3D Ripper DX v1.8.2 (HKLM-x32\...\3D Ripper DX_is1) (Version:  - Roman Lut)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.3.0 - Mirillis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\{7B0961DB-15EB-41AF-85DA-C296924CA408}) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
Aktualizacje NVIDIA 23.23.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.23.30.0 - NVIDIA Corporation) Hidden
amuleC (HKLM-x32\...\{0F7B5011-72EC-493D-A7BF-546591047E8E}) (Version: 1.0.2 - amuleC)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.78 - NVIDIA Corporation) Hidden
Any Video Converter Ultimate 5.9.7 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtMoney SE v7.45 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.45 - System SoftLab)
Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
Aveyond I - Rhen's Quest (HKLM-x32\...\Aveyond I - Rhen's Quest) (Version:  - Amaranth Games, LLC)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.4.0.1227 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Beach Volleyball (remove only) (HKLM-x32\...\BeachVolleyball) (Version:  - )
BIK Player (HKLM-x32\...\{C755A3D1-0C93-4B0C-94C4-41C178116B64}_is1) (Version:  - bikplayer.com)
BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: 2.0.16 - BikaQ)
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ)
Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM)
Bud Redhead - The Time Chase (HKLM-x32\...\Bud Redhead - The Time Chase_is1) (Version:  - )
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6140 - CDBurnerXP)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Chicken Invaders 4 (HKLM-x32\...\{3C420923-E434-42A4-AB5A-F5DD8277B2BD}_is1) (Version:  - )
Chicken Invaders 5 - Cluck of the Dark Side (HKLM-x32\...\Chicken Invaders 5 - Cluck of the Dark Side1.1) (Version: 1.1 - Foxy Games)
Chicken Invaders: Ultimate Omelette v4.13 (HKLM-x32\...\Chicken Invaders: Ultimate Omelette_is1) (Version:  - InterAction studios)
Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 8.1.1.0666 - Disc Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.00 - NCH Software)
Devil May Cry 3  Edycja Specjalna (HKLM-x32\...\{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}) (Version: 1.00.000 - CAPCOM)
Devil May Cry 3 patch 1.3.0 (HKLM-x32\...\{9C46BFE9-5687-410B-97D5-8F58AA0E6FBE}) (Version: 1.3.0 - )
DX Lines (HKLM-x32\...\DX Lines) (Version:  - )
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
EMCO MAC Address Scanner 1.3 (HKLM\...\{30EC7CBC-B928-4342-B570-FEDE3BFF2415}) (Version: 1.3.2.475 - EMCO Software)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
Firemin 4615 (HKLM\...\Firemin_is1) (Version: 4615 - Rizonesoft)
Flatspace (remove only) (HKLM-x32\...\Flatspace) (Version:  - )
FormatFactory 4.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.1.0.0 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Video Cutter Expert (remove only) (HKLM\...\Free Video Cutter Expert) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Gwiezdny obrońca 3 (HKLM-x32\...\Gwiezdny obrońca 3) (Version:  - Alawar Entertainment Inc.)
Ice Pack for Pocket Tanks Deluxe (HKLM-x32\...\Ice Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
KIANO USB modem (HKLM\...\KIANO USB modem_is1) (Version:  - )
LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts) Hidden
LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
Letasoft Sound Booster version 1.1 (HKLM-x32\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.1 - Letasoft LLC)
Light&Shadow Demo 1.05 (HKLM-x32\...\Light&Shadow Demo_is1) (Version:  - Lemonade Productions)
LightWeight Ninja (HKLM-x32\...\LightWeight Ninja) (Version:  - )
liteCam HD (HKLM-x32\...\{73D0840C-FAE6-42F2-9F21-06322172CAAE}) (Version: 4.32.0000 - RSUPPORT)
Machete 4.4 (HKLM-x32\...\{5D20BB95-BF3D-4A5D-992A-4F481911769A}) (Version: 4.4.22 - MacheteSoft)
Machete Lite 4.4 (HKLM-x32\...\{5AA5F026-2C4C-44CB-BD20-36CE891BABCB}) (Version: 4.4.11 - MacheteSoft)
Magiczny Sklep (HKLM-x32\...\Magiczny Sklep_is1) (Version:  - Nowe Media)
Malwarebytes (wersja 3.0.6.1458) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1458 - Malwarebytes)
Marbles Deluxe 1.31a (HKLM-x32\...\Marbles Deluxe Free Version_is1) (Version:  - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
Panel sterowania NVIDIA 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 378.78 - NVIDIA Corporation) Hidden
Party Pack for Pocket Tanks Deluxe (HKLM-x32\...\Party Pack for Pocket Tanks Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
Pdniebne Taxi (HKLM-x32\...\{D946870C-47B6-4FBA-936C-D3723461EB32}_is1) (Version:  - nowe-media.eu)
Pharaoh's Secret (HKLM-x32\...\{C593D6E0-F575-4219-91BF-E2432E8785EF}_is1) (Version:  - nowe-media.eu)
PicosmosTools 1.8.0.0 (HKLM-x32\...\PicosmosTools) (Version: 1.8.0.0 - Free Time)
Pirates of the Caribbean - At Worlds End (HKLM-x32\...\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}) (Version: 1.0 - Disney Interactive Studios)
Plasma Pack for Pocket Tanks Deluxe (HKLM-x32\...\Plasma Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Podniebne kulki: Deluxe (HKLM-x32\...\Podniebne kulki: Deluxe) (Version:  - Alawar Entertainment Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
RefreshPC (HKLM\...\RefreshPC_is1) (Version: 2.0 - WareSoft Software)
Rejestracja użytkownika drukarki Canon MP280 series (HKLM-x32\...\Rejestracja użytkownika drukarki Canon MP280 series) (Version:  - )
Rejestrator Ekranu Apowersoft V2.1.3 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.1.3 - APOWERSOFT LIMITED)
Remove Logo Now! 1.0 (HKLM-x32\...\Remove Logo Now!_is1) (Version: 1.0 - SoftOrbits)
Restaurant Empire (HKLM-x32\...\{9C0A9803-4592-11D7-B796-0050BFE4DB80}) (Version:  - )
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Rocket Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Rocket Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.00.0000 - RSUPPORT)
Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version:  - )
SerpentHead '99 (HKLM-x32\...\SerpentHead '99) (Version:  - )
SerpentHead Revisited (HKLM-x32\...\SerpentHead Revisited_is1) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splash (HKLM-x32\...\Mirillis Splash) (Version: 2.0.1 - Mirillis)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stupid Invaders (HKLM-x32\...\Stupid Invaders) (Version:  - )
Super Collapse 3 Free Trial (HKLM-x32\...\Super Collapse 3 Free Trial_is1) (Version:  - GameHouse)
Superstar Chefs Full Version 1.29 (HKLM-x32\...\Superstar Chefs Full Version_is1) (Version:  - Arcade Lab)
Sweet MIDI Player 32 (remove only) (HKLM-x32\...\Sweet MIDI Player 32) (Version:  - )
Śnieżek i Wyspa Zagadek (HKLM-x32\...\Śnieżek i Wyspa Zagadek) (Version:  - Alawar Entertainment Inc.)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Tiny Worlds (HKLM-x32\...\Tiny Worlds) (Version:  - Alawar Entertainment Inc.)
Turtix - Misja Ratunkowa (HKLM-x32\...\Turtix - Misja Ratunkowa) (Version:  - Alawar Entertainment Inc.)
uCAN®Connect (HKLM\...\{B3A60A37-A49D-4827-B960-84EDD0C5299B}) (Version: 2.2.3.230 - Option) Hidden
uCAN®Connect (HKLM-x32\...\{9941ABED-87FF-413B-9E89-15F60487AEC7}_x) (Version: 2.2.3.230 - Option)
Uninstall Restaurant Empire Demo (HKLM-x32\...\{6B579E15-40D3-11D7-B796-0050BFE4DB80}) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update_msi (HKLM-x32\...\{59B5A9CD-253D-4C41-A073-B387D4C9672D}) (Version: 1.0.0 - Default Company Name)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WebM Project Directshow Filters (HKCU\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Win7 MAC Address Changer version 2.0 (HKLM-x32\...\{F9A76116-6D56-4CEA-830E-E95C168DC95B}_is1) (Version: 2.0 - Zokali)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{36C065F3-1232-4BEF-9948-B47CD2ED68CF}) (Version: 4.3.0 - WinSnare)
Wonderlines (HKLM-x32\...\Wonderlines) (Version:  - Alawar Entertainment Inc.)
Xeno Assault (HKLM-x32\...\Xeno Assault) (Version:  - Alawar Entertainment Inc.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zzed (HKLM-x32\...\Zzed) (Version:  - Alawar Entertainment Inc.)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 4095.37 MB
Available physical RAM: 2341.91 MB
Total Virtual: 4109.55 MB
Available Virtual: 1928.78 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:146.48 GB) (Free:1.73 GB) NTFS
3 Drive d: () (Fixed) (Total:319.27 GB) (Free:5.2 GB) NTFS

========================= Users: ========================================

Konta użytkowników dla \\ARLETA-KOMPUTER

Administrator            Arleta                   Gość
Polecenie zostało wykonane pomyślnie.

**** End of log ****

ESET SCAN

_______________________________________________________________________________

C:\install.exe a variant of Win32/Expiro.CG virus
C:\$RECYCLE.BIN\S-1-5-21-3413610820-2486416330-431115022-1000\$R1UM212.exe a variant of Win32/Expiro.CG virus
C:\$RECYCLE.BIN\S-1-5-21-3413610820-2486416330-431115022-1000\$RV9K8JG.exe a variant of Win32/Expiro.CG virus
C:\19bb04ec4c9358abea76\Setup.exe a variant of Win32/Expiro.CG virus
C:\19bb04ec4c9358abea76\SetupUtility.exe a variant of Win32/Expiro.CG virus
C:\mvs\winrar\WinRARPortable\App\WinRAR\Rar.exe a variant of Win32/Expiro.CG virus
C:\mvs\winrar\WinRARPortable\App\WinRAR\UnRAR.exe a variant of Win32/Expiro.CG virus
C:\mvs\winrar\WinRARPortable\App\WinRAR\WinRAR.exe a variant of Win32/Expiro.CG virus
C:\mvs\winrar\WinRARPortable\App\WinRAR-x64\Ace32Loader.exe a variant of Win32/Expiro.CG virus
C:\Program Files\CamStudio 2.7\CamCommandLine.exe a variant of Win32/Expiro.CG virus
C:\Program Files\CamStudio 2.7\Player.exe a variant of Win32/Expiro.CG virus
C:\Program Files\CamStudio 2.7\PlayerPlus.exe a variant of Win32/Expiro.CG virus
C:\Program Files\CamStudio 2.7\Producer.exe a variant of Win32/Expiro.CG virus
C:\Program Files\CamStudio 2.7\Recorder.exe a variant of Win32/Expiro.CG virus
C:\Program Files\DAEMON Tools Pro\InstallGadget.exe a variant of Win32/Expiro.CG virus
C:\Program Files\KIANO USB modem\App.exe a variant of Win32/Expiro.CG virus
C:\Program Files\KIANO USB modem\Install.exe a variant of Win32/Expiro.CG virus
C:\Program Files\KIANO USB modem\WCDMA_Eject.exe a variant of Win32/Expiro.CG virus
C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe a variant of Win32/Expiro.CG virus
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Ansel\Tools\HighresBlender32.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraEnable.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Ansel\Tools\NvImageConvert32.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Ansel\Tools\SphericalEquirect32.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{125CEB0D-D993-4B6E-9F52-92D4061305F9}\setup.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Installer2\installer.{40DF1221-78B7-469F-A47B-91C1D39680B0}\NVNetworkService.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Installer2\installer.{933872FE-C1CF-462A-B216-5709EDCD0976}\NVNetworkService.exe a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\SETUP.EXE a variant of Win32/Expiro.CG virus
C:\Program Files\NVIDIA Corporation\NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe a variant of Win32/Expiro.CG virus
C:\Program Files\OBS\QSVHelper.exe a variant of Win32/Expiro.CG virus
C:\Program Files\OBS\plugins\GraphicsCapture\injectHelper.exe a variant of Win32/Expiro.CG virus
C:\Program Files\WinRAR\Ace32Loader.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Jirary wir znak zapytania.rar multiple threats
C:\Program Files (x86)\3DRipperDX\DX3DRipper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\4dots Software\Free Video Cutter Expert\ffmpeg.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\4dots Software\Free Video Cutter Expert\mplayer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroBroker.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32Info.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroTextExtractor.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\arh.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroExt\AcroExt.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_console.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\AVCUltimate.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\SendSignal.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\dvdauthor.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\ffmpeg.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\FlvBind.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\MP4Box.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\mp4creator.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\mpeg2desc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\rtmpdump.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\spumux.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\spuunmux.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Anvsoft\Any Video Converter Ultimate\gnu\avc\mplayer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Wma.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Arcade Lab\Superstar Chefs (Full Version)\Superstar Chefs.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Aveyond I - Rhen's Quest\uninstall.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Bandicam\bdfix.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\BeachVolleyball\Volleyball.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\BIK Player\BIKPlayer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\BIK Player\mplayer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Bud Redhead\BudRedhead.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmvdrv.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Canon\IJPLM\ijplmui.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEACNF.EXE a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\CAPCOM\Devil May Cry 3 Special Edition\DMC3SE.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\CAPCOM\Devil May Cry 3 Special Edition\GPadCfg.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Cheat Engine 6.5\DotNetDataCollector32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\ChickenInvadersUOPolish\CI4.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\defaults.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Steam\SteamService.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Common Files\Steam\SteamService.exe.old a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\At Worlds End.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\DOSBox-0.74\DOSBox.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Drengin.net\LWNinja\LWNinja.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Drengin.net\LWNinja\UNWISE.EXE a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Enlight\Restaurant Empire\readme.htm HTML/Iframe.B trojan
C:\Program Files (x86)\ezvid\ffmpeg.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Sky Bubbles Deluxe\SkyBubbles.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Sky Bubbles Deluxe\SkyBubbles.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Snowy Puzzle Islands\PuzzleIslands.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Star Defender 3\StarDefender3.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Tiny Worlds\TinyWorlds.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Turtix Rescue Adventure\Turtix.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Wonderlines\wonderlines.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Xeno Assault\Xeno.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FajnaGra.pl\Zzed\Zzed.wrp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Flatspace\Flatspace.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFInst.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FormatFactory.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\timidity.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\Encoder\mac.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\Encoder\mencoder.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\Encoder\mkvmerge.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\Encoder\mplayer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\Encoder\MP4Box\mp4box.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Foxy Games\Chicken Invaders 5 - Cluck of the Dark Side\CI5.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleUpdate.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleUpdateBroker.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleUpdateCore.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleUpdateSetup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleUpdateWebPlugin.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.33.5\GoogleUpdateSetup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\i2p\I2Psvc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\InstallShield Installation Information\{6B579E15-40D3-11D7-B796-0050BFE4DB80}\Setup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\InstallShield Installation Information\{73D0840C-FAE6-42F2-9F21-06322172CAAE}\setup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\InstallShield Installation Information\{9C0A9803-4592-11D7-B796-0050BFE4DB80}\Setup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\InstallShield Installation Information\{9C46BFE9-5687-410B-97D5-8F58AA0E6FBE}\_backup\DMC3SE.exe a variant of Win32/Expiro.NCJ virus
C:\Program Files (x86)\InstallShield Installation Information\{9C46BFE9-5687-410B-97D5-8F58AA0E6FBE}\_backup\GPadCfg.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\InstallShield Installation Information\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\setup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Internet Explorer\ExtExport.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Internet Explorer\ieinstal.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Internet Explorer\ielowutil.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\jabswitch.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\java-rmi.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaws.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\jjs.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2launcher.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\keytool.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\kinit.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\klist.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\ktab.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\orbd.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\pack200.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\policytool.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\rmid.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\rmiregistry.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\servertool.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssvagent.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\tnameserv.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre1.8.0_101\bin\unpack200.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\java.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\javacpl.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\javaw.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\javaws.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\jqs.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\keytool.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\kinit.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\klist.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\ktab.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\orbd.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\pack200.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\policytool.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\rmid.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\servertool.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Kolekcja Klasyki\Sacred - Złota Edycja\Config.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Kolekcja Klasyki\Sacred - Złota Edycja\GameServer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Kolekcja Klasyki\Sacred - Złota Edycja\Sacred.exe a variant of Win32/Expiro.NCJ virus
C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\MacheteSoft\Machete\Machete.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\MacheteSoft\MacheteLite\MacheteLite.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Magiczny Sklep\game.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Marbles Deluxe Free Trial\afl.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Marbles Deluxe Free Trial\launcher.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Marbles Deluxe Free Trial\Marbles.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Mirillis\Action!\action_svc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Mirillis\Action!\tutorial_launcher.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Mirillis\Action!\upload_login.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Mirillis\Splash\upload_login.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\MSI Afterburner\SDK\Samples\SharedMemory\MACMSharedMemorySample\Release\MACMSharedMemorySample.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\MSI Afterburner\SDK\Samples\SharedMemory\MAHMSharedMemorySample\Release\MAHMSharedMemorySample.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NCH Software\Components\mp3el2\lame.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NCH Software\Debut\debut.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NCH Software\Debut\mp3el2.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NCH Software\Debut\x264enc5.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstreg.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvsttest.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NVStWiz.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Notification.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvSHIM.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OBS\OBS.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OBS\QSVHelper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OBS\plugins\GraphicsCapture\injectHelper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\obs-studio\bin\32bit\obs32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\obs-studio\data\obs-plugins\obs-ffmpeg\ffmpeg-mux32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\obs-studio\data\obs-plugins\win-capture\inject-helper32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\odbcconfig.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\python.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\rebasegui.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\rebaseoo.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\regcomp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\regmerge.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\regview.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\sbase.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\scalc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\senddoc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\simpress.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\smath.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\sweb.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\swriter.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\uno.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\unoinfo.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\unopkg.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.6\bin\python.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.6\lib\distutils\command\wininst-6.0.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.6\lib\distutils\command\wininst-7.1.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.6\lib\distutils\command\wininst-8.0.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.6\lib\distutils\command\wininst-9.0.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Pharaoh's Secret\pharaohs_secret.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\PicosmosTools\PFBatch.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\PicosmosTools\PFInst.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Podniebne Taxi\Sky Taxi (PL) 2009_08_18.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner Statistics Server\Redist\dxwebsetup.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Samples\SharedMemory\RTSSSharedMemorySample\Release\RTSSSharedMemorySample.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\SDK\Samples\Host\MonitoringHostSample\Release\MonitoringHostSample.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\SDK\Samples\SharedMemory\RTEQSharedMemorySample\Release\RTEQSharedMemorySample.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\SDK\Samples\SharedMemory\RTHMSharedMemorySample\Release\RTHMSharedMemorySample.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\SDK\Samples\SharedMemory\RTSSSharedMemorySample\Release\RTSSSharedMemorySample.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderWrapper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\NVXML\NVXML.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Rockstar Games\GTA2\gta2 manager.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Rockstar Games\GTA2\gta2.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Roni Music\Sweet MIDI Player 32\Swmipl32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RSUPPORT\liteCam HD\Info.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RSUPPORT\liteCam HD\LiteCam.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\RSUPPORT\liteCam HD\Splash.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Serpenthead\UNWISE.EXE a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\GameOverlayUI.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\Steam.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\steamerrorreporter.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\steamTmp.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\streaming_client.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\WriteMiniDump.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\bin\html5app_steam.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\bin\steamservice.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\bin\x86launcher.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\steam\games\appid_10540.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\steam\games\appid_10560.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\steam\games\appid_17300.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\steam\games\appid_17330.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Steam\steam\games\appid_17340.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\SuperCollapse3_at\SuperCollapseIII.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\VulkanRT\1.0.39.1\vulkaninfo32.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\WB Games\LEGO® Harry Potter™ 2\rld.dll a variant of Win32/HackTool.Crack.BB potentially unsafe application
C:\Program Files (x86)\Windows 7 Activator\uninstall.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Mail\wab.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Mail\wabmig.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\setup_wm.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\wmlaunch.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\WMPDMC.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\wmpenc.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\wmplayer.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\wmprph.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Media Player\wmpshare.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Windows Sidebar\sidebar.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\WinRAR\Rar.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\WinRAR\Uninstall.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\WinRAR\UnRAR.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\WinRAR\WinRAR.exe a variant of Win32/Expiro.CG virus
C:\Program Files (x86)\Xilam\Stupid Invaders\Stupid Invaders.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\Auto Keyboard\KeyPresser.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\setup.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience\NVIDIA GeForce Experience.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience\NVIDIA Notification.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience\NVIDIA Share.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\x86\server\NvStreamUserAgent.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\NVIDIA Web Helper.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\nvnodejslauncher.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvContainer\x86\NvContainer.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryContainer.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\ShadowPlay\DXSETUP.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\ShadowPlay\nvspcaps.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\ShadowPlay\nvsphelper.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\Update.Core\NvProfileUpdater32.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\Update.Core\NvSHIM.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\Update.Core\NvTmMon.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\NVIDIA Corporation\Downloader\latest\Update.Core\NvTmRep.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\Oracle\Java\javapath\java.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\Oracle\Java\javapath\javaw.exe a variant of Win32/Expiro.CG virus
C:\ProgramData\Oracle\Java\javapath\javaws.exe a variant of Win32/Expiro.CG virus
C:\Python27\python.exe a variant of Win32/Expiro.CG virus
C:\Python27\pythonw.exe a variant of Win32/Expiro.CG virus
C:\Python27\w9xpopen.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\distutils\command\wininst-6.0.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\distutils\command\wininst-7.1.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\distutils\command\wininst-8.0.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\distutils\command\wininst-9.0.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\site-packages\setuptools\cli-32.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\site-packages\setuptools\cli.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\site-packages\setuptools\gui-32.exe a variant of Win32/Expiro.CG virus
C:\Python27\Lib\site-packages\setuptools\gui.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\Auto Keyboard\KeyPresser.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\setup.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\GFExperience\NVIDIA GeForce Experience.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\GFExperience\NVIDIA Notification.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\GFExperience\NVIDIA Share.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\x86\server\NvStreamUserAgent.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\nodejs\NVIDIA Web Helper.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\nodejs\nvnodejslauncher.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\NvContainer\x86\NvContainer.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryContainer.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\ShadowPlay\DXSETUP.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\ShadowPlay\nvspcaps.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\ShadowPlay\nvsphelper.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\Update.Core\NvProfileUpdater32.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\Update.Core\NvSHIM.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\Update.Core\NvTmMon.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\NVIDIA Corporation\Downloader\latest\Update.Core\NvTmRep.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\Oracle\Java\javapath\java.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\Oracle\Java\javapath\javaw.exe a variant of Win32/Expiro.CG virus
C:\Users\All Users\Oracle\Java\javapath\javaws.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\Apps\2.0\P2HJ1ZT4.3O2\B9O9TJGJ.HP9\clic...exe_baa8013a79450f71_0001.0003_none_855491df37a516c6\GoogleUpdateSetup.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\Apps\2.0\P2HJ1ZT4.3O2\B9O9TJGJ.HP9\clic...exe_f09d422d3b6d863a_0001.0003_none_1f743fbe4a8e0300\GoogleUpdateSetup.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\Apps\2.0\P2HJ1ZT4.3O2\B9O9TJGJ.HP9\inst...app_baa8013a79450f71_0001.0003_fcb5e3c9957751f1\GoogleUpdateSetup.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\Apps\2.0\P2HJ1ZT4.3O2\B9O9TJGJ.HP9\inst...app_f09d422d3b6d863a_0001.0003_22624e04cc1e011a\GoogleUpdateSetup.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\Firefox\Firefox\Profiles\3ansxqm3.default\cache2\entries\974A37CAD4743749A00EB1607DB7166C9EAA6C99 JS/Adware.Imali.A application
C:\Users\Arleta\AppData\Local\Gatughtmine\SwReporter\8.62.4\software_reporter_tool.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\SwReporter\17.94.0\software_reporter_tool.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\LocalLow\Unity\WebPlayer\UnityBugReporter.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\LocalLow\Unity\WebPlayer\UnityWebPlayerUpdate.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Roaming\FFsplit\ffmpeg\bin\ffmpeg.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\AppData\Roaming\Xufod\ymumz.exe Win32/Spy.Zbot.ABV trojan
C:\Users\Arleta\Desktop\she.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\Bandisoft.Bandicam.v2.3.3.860.Keymaker.Only.MAZE\host blocker.bat BAT/HostsChanger.A potentially unsafe application
C:\Users\Arleta\Desktop\Bandisoft.Bandicam.v2.3.3.860.Keymaker.Only.MAZE\Keygen.exe a variant of Win32/Expiro.NCJ virus
C:\Users\Arleta\Desktop\gry na gba\VBA link\VisualBoyAdvance.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\mediafire-wz.blogspot.com.S.Br.1.1.Build.88\u1504.exe a variant of Win32/UltraReach potentially unsafe application
C:\Users\Arleta\Desktop\moje\pong_2_1.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\!!\gry\Digi.Pool.v1.02.WinALL.Incl.Keygen-ECLiPSE.ZIP a variant of Win32/Keygen.DY potentially unsafe application
C:\Users\Arleta\Desktop\moje\!!!!\3danalyzer\3DAnalyze.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\AAAAAAAAAAA a to gry arcade lab full i nir tylko\Chicken Invaders 2\ChickenInvaders2.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\AAAAAAAAAAA a to gry arcade lab full i nir tylko\chicken invaders 2 christmas\Chicken Invaders 2 Christmas Edition Portable\ChickenInvaders2Xmas-WT.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\AAAAAAAAAAA a to gry arcade lab full i nir tylko\Chicken Invaders 3 - Revenge of the Yolk!\Chicken Invaders 3\CI3.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\AAAAAAAAAAA a to gry arcade lab full i nir tylko\digi pool\Digi Pool.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\AAAAAAAAAAA a to gry arcade lab full i nir tylko\digi pool\Keygen.exe a variant of Win32/Keygen.DY potentially unsafe application
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\and-18\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\broli\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\cell-j\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\cellhd\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\Chibi Trunks\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\freezahd\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\Goku-n-hd\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\Goku-SSJ2\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\Goku-SSJ4\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\goten\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\kaioshin\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\kame\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\kuririn\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\m-gohan\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\mrboohd\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\n-trunks\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\panchan\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\piccolo\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\Raditz\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\Recoom\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\satan-son\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\son-gohan\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\trunkse\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\Vegeta Normal 2\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\vegeta-ssj4\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\vegetahd\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\yamcha\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\!!!!\DBZ Mugen Edition 2\chars\zarbom\CharSffDtoW.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\CCleanerBusinessPortable\App\CCleaner\CCleaner.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\CCleanerBusinessPortable\Other\_Include\7-Zip\7z.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\CCleanerPROPortable\App\CCleaner\CCleaner.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\CCleanerPROPortable\Other\_Include\7-Zip\7z.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\CCleanerTechnicianPortable\App\CCleaner\CCleaner.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\CCleanerTechnicianPortable\Other\_Include\7-Zip\7z.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\GoogleChromePortableDev\Data\profile\SwReporter\16.91.1\software_reporter_tool.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\key\Malwarebytes Anti-Malware Premium 2.2.1.1043 Final + SerialFix\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
C:\Users\Arleta\Desktop\moje\PROGRAMY\Action silent Crack + Key\Blocker (silent).exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\PROGRAMY\DDOS\HTTP Attack 3.6\gui.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\PROGRAMY\DDOS\HTTP Attack 3.6\w9xpopen.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\PROGRAMY\mhs\MHS.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\test\re.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\test\readme.htm HTML/Iframe.B trojan
C:\Users\Arleta\Desktop\moje\test\Restaurant Empire.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\moje\test\Setup.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\OpenOffice 4.1.2 (pl) Installation Files\setup.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\psx gry\2001 - Light Weight Ninja\hhhh\pong_2_1.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\u connect proxy\u1504.exe a variant of Win32/UltraReach potentially unsafe application
C:\Users\Arleta\Desktop\vba\VisualBoyAdvance.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Desktop\vba link\VisualBoyAdvance.exe a variant of Win32/Expiro.CG virus
C:\Users\Arleta\Downloads\AAAAAAAAAAA a to gry arcade lab full i nir tylko.rar a variant of Win32/Keygen.DY potentially unsafe application
C:\Users\Arleta\Downloads\CheatEngine66.exe a variant of Win32/FusionCore.L potentially unwanted application
C:\Users\Arleta\Downloads\Daemon.Tools.Pro.8.1.1.Filefrogg.7z multiple threats
C:\Users\Arleta\Downloads\Malwarebytes 3.0.6 Premium + Keys.zip MSIL/HackTool.Patcher.I potentially unsafe application
C:\Users\Arleta\Downloads\[www.gigapurbalingga.com]_MbytPr3061469FM.rar MSIL/HackTool.Patcher.I potentially unsafe application
C:\Users\Arleta\Favorites\Głupki z Kosmosu – Stupid Invaders [32-64bit] [PL] _ Skidrow Cracked Games.url LNK/Agent.CH trojan
C:\Windows\IsUn0415.exe a variant of Win32/Expiro.CG virus
C:\Windows\Installer\1b97641.msi multiple threats
C:\Windows\Installer\d10ac1.msi a variant of Win32/Adware.ELEX.GJ application
C:\Windows\Installer\ddf791.msi multiple threats
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe a variant of Win32/Expiro.CG virus
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe a variant of Win32/Expiro.CG virus
C:\Windows\SysWOW64\control.exe a variant of Win32/Expiro.CG virus
C:\Windows\SysWOW64\dllhost.exe a variant of Win32/Expiro.CG virus
C:\Windows\SysWOW64\msiexec.exe a variant of Win32/Expiro.CG virus
C:\Windows\SysWOW64\SearchIndexer.exe a variant of Win32/Expiro.CG virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20170209Updater_zip_res2_newoo[1].exe a variant of Win32/Adware.ELEX.EN application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Updater20170303_newmm[1].exe a variant of Win32/Adware.ELEX.EN application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Updater_wmm0222_new[1].exe a variant of Win32/Adware.ELEX.EN application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Updater_wmm0224_new[1].exe a variant of Win32/Adware.ELEX.EN application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Updater_zipwmm1616_new[1].exe a variant of Win32/Adware.ELEX.EN application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Updater_zip_res0301_newmm[1].exe a variant of Win32/Adware.ELEX.EN application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Updater_zip_res2_new02060[1].exe a variant of Win32/Adware.ELEX.EN application
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe a variant of Win32/Expiro.CG virus
C:\Windows\SysWOW64\{B4945663-1978-4A85-AD25-7874EFE3B71D}\_ALLOWDEL_6qm\co.tmp a variant of Win32/Adware.ELEX.IF application
C:\Windows\winsxs\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_6.1.7600.16385_none_26e76f2ac1492952\wmprph.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_6.1.7601.17514_none_8375605f8afb0c19\wmlaunch.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.19148_none_73c7cf1c9a2efda6\wmpconfig.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.19148_none_73c7cf1c9a2efda6\wmplayer.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.19148_none_73c7cf1c9a2efda6\wmpshare.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_6.1.7601.17514_none_331c32d99bebbdac\mip.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.18984_none_79be06e3c2bb6b2e\TabTip32.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_microsoft-windows-wordpad_31bf3856ad364e35_6.1.7601.17514_none_963528f4b7e5d0fd\wordpad.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchIndexer.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-control_31bf3856ad364e35_6.1.7600.16385_none_99424f610bd169de\control.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_247621f7aa7542ff\ImagingDevices.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.2.9600.18349_none_8cbb4134cde1a547\ielowutil.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.2.9600.16428_none_b436382b203656be\ExtExport.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.18349_none_6ee10e2cee49489d\ieinstal.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.18896_none_4b344ed5e49b1efc\msiexec.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7601.17514_none_affb336d34ccf2f8\setup_wm.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_a3fa8a7d892f3cc9\wmpenc.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_884c69064922f75b\msinfo32.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.1.7600.16385_none_41c821eeeae8dea2\pipanel.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\wab.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\wabmig.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_6.1.7601.17514_none_f06adab455a2f1e9\WMPDMC.exe a variant of Win32/Expiro.CG virus
C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_f4539aeea51b2a11\mscorsvw.exe a variant of Win32/Expiro.CG virus
C:\Wonderland Demo v1.17\Wonderland.exe a variant of Win32/Expiro.CG virus
D:\MPEG_Streamclip.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFInst.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FormatFactory.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFModules\RMEncoder.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFModules\timidity.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFModules\Encoder\mac.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFModules\Encoder\vfw2menc.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFModules\Encoder\MP4Box\MP4Box.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFModules\Package\PFInstOnline.exe a variant of Win32/Expiro.CG virus
D:\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Expiro.CG virus
D:\FreeVideoCutter.exe\ffmpeg.exe a variant of Win32/Expiro.CG virus
D:\Media Cope\ffmpeg.exe a variant of Win32/Expiro.CG virus
D:\Media Cope\mplayer.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\firefox.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\plugin-container.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\plugin-hang-ui.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updater.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\tor.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfsproxy.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\w9xpopen.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\firefox.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\plugin-container.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\plugin-hang-ui.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\updater.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\tor.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\PluggableTransports\fteproxy.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\PluggableTransports\meek-client.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\PluggableTransports\obfsproxy.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe a variant of Win32/Expiro.CG virus
D:\Tor Browser\Browser\updated\TorBrowser\Tor\PluggableTransports\w9xpopen.exe a variant of Win32/Expiro.CG virus

SECOND SCANS

JRT

_____________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Arleta (Administrator) on 2017-05-23 at  4:57:14,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 24

Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\008KTZ0X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KE5VQOV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XP3G74N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZYPIUMT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53HX2YNK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIF3BBTY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DHFLYBBZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EW5QWWKC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GK4ZIB32 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7M2Q6S3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBRDABGV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Arleta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLGS8WAK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\008KTZ0X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KE5VQOV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XP3G74N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZYPIUMT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53HX2YNK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIF3BBTY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DHFLYBBZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EW5QWWKC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GK4ZIB32 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7M2Q6S3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBRDABGV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLGS8WAK (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-05-23 at  5:00:11,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

____________________________________________________________________________

 

MTB

____________________________________________________________________________

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Arleta (administrator) on 23-05-2017 at 05:01:46
Running from "C:\Users\Arleta\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: N68S3+ Manufacturer: BIOSTAR Group
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Konfiguracja IP systemu Windows

Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 www.mirillis.com
127.0.0.1 s0ft4pc.com
127.0.0.1 serwer2.paka-service.com
127.0.0.1 https://www.youtube.com/watch?v=AlJd1uwLWSA&index=68&list=PLpGUOXjyiIcYiBug4-0uIvp9D6WIDrzxu
127.0.0.1 http://www.cda.pl/video/5496855c
127.0.0.1 https://apps.facebook.com/wiejskiezycie/?ref_notif=C20150127&fb_source=notification&ref=notif&notif_t=app_notification
127.0.0.1 https://apps.facebook.com/cross-stitch-world/?fb_source=sidebar_bookmark
127.0.0.1 https://apps.facebook.com/cross-stitch-world
127.0.0.1 apps.facebook.com/cross-stitch-world
127.0.0.1 www.facebook.com/cross-stitch-world128.199.121.125                   skisaaydp.com
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com
74.86.5.247 apowersoft.com
127.0.0.1 74.86.5.247
127.0.0.1 bandicam.com
========================= IP Configuration: ================================

GlobeTrotter GI0505 - Network Interface = Komórkowe połączenie szerokopasmowe 5 (Connected)
Kontroler sieci NVIDIA nForce = Połączenie lokalne 2 (Media disconnected)

# ----------------------------------
# Konfiguracja IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# Koniec konfiguracji IPv4

 

Konfiguracja IP systemu Windows

   Nazwa hosta . . . . . . . . . . . : Arleta-Komputer
   Sufiks podstawowej domeny DNS . . :
   Typ węzła . . . . . . . . . . . . : Hybrydowy
   Routing IP włączony . . . . . . . : Nie
   Serwer WINS Proxy włączony. . . . : Nie

Karta komórkowego połączenia szerokopasmowego Komórkowe połączenie szerokopasmowe 5:

   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : GlobeTrotter GI0505 - Network Interface #3
   Adres fizyczny. . . . . . . . . . :
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
   Adres IPv4. . . . . . . . . . . . . : 10.242.76.74(Preferowane)
   Maska podsieci. . . . . . . . . . : 255.255.255.255
   Brama domyślna. . . . . . . . . . : 10.242.76.75
   Serwery DNS . . . . . . . . . . . : 194.204.159.1
                                       194.204.152.34
   NetBIOS przez Tcpip . . . . . . . : Włączony

Karta Ethernet Połączenie lokalne 2:

   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Kontroler sieci NVIDIA nForce
   Adres fizyczny. . . . . . . . . . : 00-30-67-88-07-08
   DHCP włączone . . . . . . . . . . : Tak
   Autokonfiguracja włączona . . . . : Tak

Karta tunelowa isatap.{8233B5F5-ABF5-42B8-AA0A-1C551190EF5B}:

   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak

Karta tunelowa isatap.{BEB6F863-2C50-4614-947A-7E67B5A96F25}:

   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #2
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak

Karta tunelowa Teredo Tunneling Pseudo-Interface:

   Sufiks DNS konkretnego połączenia :
   Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
   Adres IPv6. . . . . . . . . . . . : 2001:0:9d38:90d7:1457:3888:f50d:b3b5(Preferowane)
   Adres IPv6 połączenia lokalnego . : fe80::1457:3888:f50d:b3b5%14(Preferowane)
   Brama domyślna. . . . . . . . . . : ::
   NetBIOS przez Tcpip . . . . . . . : Wyłączony
DNS request timed out.
    timeout was 2 seconds.
Serwer:  UnKnown
Address:  194.204.159.1

Żądanie polecenia ping nie może znaleźć hosta google.com. Sprawdź nazwę i ponów próbę.
Serwer:  UnKnown
Address:  127.0.0.1

Żądanie polecenia ping nie może znaleźć hosta yahoo.com. Sprawdź nazwę i ponów próbę.

Badanie 127.0.0.1 z 32 bajtami danych:
Odpowiedź z 127.0.0.1: bajtów=32 czas<1 ms TTL=128
Odpowiedź z 127.0.0.1: bajtów=32 czas<1 ms TTL=128

Statystyka badania ping dla 127.0.0.1:
    Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
             (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
    Minimum = 0 ms, Maksimum = 0 ms, Czas średni = 0 ms
===========================================================================
Lista interfejsów
 12...00 30 67 88 07 08 ......Kontroler sieci NVIDIA nForce
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

Tabela tras IPv4
===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci   Maska sieci      Brama          Interfejs Metryka
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Trasy trwałe:
  Brak

Tabela tras IPv6
===========================================================================
Aktywne trasy:
 Jeśli Metryka Miejsce docelowe w sieci      Brama
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Trasy trwałe:
  Brak
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/23/2017 05:01:20 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x760
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:58:12 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x990
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:57:05 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xa00
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:47:50 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xbc0
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:45:41 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xfa4
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:42:36 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xf7c
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:42:03 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xe44
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:41:54 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x430
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:41:37 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0x96c
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

Error: (05/23/2017 04:41:21 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Nazwa modułu powodującego błąd: DTShellHlp.exe, wersja: 8.1.1.666, sygnatura czasowa: 0x589327a8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000000083e3
Identyfikator procesu powodującego błąd: 0xc34
Godzina uruchomienia aplikacji powodującej błąd: 0xDTShellHlp.exe0
Ścieżka aplikacji powodującej błąd: DTShellHlp.exe1
Ścieżka modułu powodującego błąd: DTShellHlp.exe2
Identyfikator raportu: DTShellHlp.exe3

System errors:
=============
Error: (05/23/2017 05:01:14 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:01:14 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:01:04 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:01:04 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:00:59 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:00:59 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:00:59 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:00:59 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:00:59 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

Error: (05/23/2017 05:00:54 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WSearch z powodu następującego błędu:
%%2 = Nie można odnaleźć określonego pliku.

 

Microsoft Office Sessions:
=========================
Error: (05/23/2017 05:01:20 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e376001d2d370b865e890C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe18487250-3f64-11e7-9087-003067880708

Error: (05/23/2017 04:58:12 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e399001d2d3706a3e3fa0C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exea86b54c0-3f63-11e7-9087-003067880708

Error: (05/23/2017 04:57:05 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3a0001d2d36f3a12c180C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe801ea670-3f63-11e7-9087-003067880708

Error: (05/23/2017 04:47:50 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3bc001d2d36ef6fd7250C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe357d3b50-3f62-11e7-9087-003067880708

Error: (05/23/2017 04:45:41 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3fa401d2d36ea94c87d0C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exee8cbe680-3f61-11e7-9087-003067880708

Error: (05/23/2017 04:42:36 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3f7c01d2d36e3c4cc870C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe7a888390-3f61-11e7-9087-003067880708

Error: (05/23/2017 04:42:03 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3e4401d2d36e28063360C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe66ab85c0-3f61-11e7-9087-003067880708

Error: (05/23/2017 04:41:54 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e343001d2d36e22bb8680C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe61054b60-3f61-11e7-9087-003067880708

Error: (05/23/2017 04:41:37 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e396c01d2d36e18bbb600C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe5702e2d0-3f61-11e7-9087-003067880708

Error: (05/23/2017 04:41:21 AM) (Source: Application Error)(User: )
Description: DTShellHlp.exe8.1.1.666589327a8DTShellHlp.exe8.1.1.666589327a8c000000500000000000083e3c3401d2d36e0f556660C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe4d9fee90-3f61-11e7-9087-003067880708

CodeIntegrity Errors:
===================================
  Date: 2017-05-22 21:57:59.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-22 21:57:59.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-22 21:57:59.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-22 21:57:59.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:05.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:05.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:05.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:05.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:04.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-18 15:21:04.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

3D Ripper DX v1.8.2 (HKLM-x32\...\3D Ripper DX_is1) (Version:  - Roman Lut)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.3.0 - Mirillis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\{7B0961DB-15EB-41AF-85DA-C296924CA408}) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
Aktualizacje NVIDIA 23.23.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.23.30.0 - NVIDIA Corporation) Hidden
amuleC (HKLM-x32\...\{0F7B5011-72EC-493D-A7BF-546591047E8E}) (Version: 1.0.2 - amuleC)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.78 - NVIDIA Corporation) Hidden
Any Video Converter Ultimate 5.9.7 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtMoney SE v7.45 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.45 - System SoftLab)
Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
Aveyond I - Rhen's Quest (HKLM-x32\...\Aveyond I - Rhen's Quest) (Version:  - Amaranth Games, LLC)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.4.0.1227 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Beach Volleyball (remove only) (HKLM-x32\...\BeachVolleyball) (Version:  - )
BIK Player (HKLM-x32\...\{C755A3D1-0C93-4B0C-94C4-41C178116B64}_is1) (Version:  - bikplayer.com)
BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: 2.0.16 - BikaQ)
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ)
Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM)
Bud Redhead - The Time Chase (HKLM-x32\...\Bud Redhead - The Time Chase_is1) (Version:  - )
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6140 - CDBurnerXP)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Chicken Invaders 4 (HKLM-x32\...\{3C420923-E434-42A4-AB5A-F5DD8277B2BD}_is1) (Version:  - )
Chicken Invaders 5 - Cluck of the Dark Side (HKLM-x32\...\Chicken Invaders 5 - Cluck of the Dark Side1.1) (Version: 1.1 - Foxy Games)
Chicken Invaders: Ultimate Omelette v4.13 (HKLM-x32\...\Chicken Invaders: Ultimate Omelette_is1) (Version:  - InterAction studios)
Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 8.1.1.0666 - Disc Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.00 - NCH Software)
Devil May Cry 3  Edycja Specjalna (HKLM-x32\...\{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}) (Version: 1.00.000 - CAPCOM)
Devil May Cry 3 patch 1.3.0 (HKLM-x32\...\{9C46BFE9-5687-410B-97D5-8F58AA0E6FBE}) (Version: 1.3.0 - )
DX Lines (HKLM-x32\...\DX Lines) (Version:  - )
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
EMCO MAC Address Scanner 1.3 (HKLM\...\{30EC7CBC-B928-4342-B570-FEDE3BFF2415}) (Version: 1.3.2.475 - EMCO Software)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
Firemin 4615 (HKLM\...\Firemin_is1) (Version: 4615 - Rizonesoft)
Flatspace (remove only) (HKLM-x32\...\Flatspace) (Version:  - )
FormatFactory 4.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.1.0.0 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Video Cutter Expert (remove only) (HKLM\...\Free Video Cutter Expert) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Gwiezdny obrońca 3 (HKLM-x32\...\Gwiezdny obrońca 3) (Version:  - Alawar Entertainment Inc.)
Ice Pack for Pocket Tanks Deluxe (HKLM-x32\...\Ice Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
KIANO USB modem (HKLM\...\KIANO USB modem_is1) (Version:  - )
LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts) Hidden
LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
Letasoft Sound Booster version 1.1 (HKLM-x32\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.1 - Letasoft LLC)
Light&Shadow Demo 1.05 (HKLM-x32\...\Light&Shadow Demo_is1) (Version:  - Lemonade Productions)
LightWeight Ninja (HKLM-x32\...\LightWeight Ninja) (Version:  - )
liteCam HD (HKLM-x32\...\{73D0840C-FAE6-42F2-9F21-06322172CAAE}) (Version: 4.32.0000 - RSUPPORT)
Machete 4.4 (HKLM-x32\...\{5D20BB95-BF3D-4A5D-992A-4F481911769A}) (Version: 4.4.22 - MacheteSoft)
Machete Lite 4.4 (HKLM-x32\...\{5AA5F026-2C4C-44CB-BD20-36CE891BABCB}) (Version: 4.4.11 - MacheteSoft)
Magiczny Sklep (HKLM-x32\...\Magiczny Sklep_is1) (Version:  - Nowe Media)
Malwarebytes (wersja 3.0.6.1458) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1458 - Malwarebytes)
Marbles Deluxe 1.31a (HKLM-x32\...\Marbles Deluxe Free Version_is1) (Version:  - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
Panel sterowania NVIDIA 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 378.78 - NVIDIA Corporation) Hidden
Party Pack for Pocket Tanks Deluxe (HKLM-x32\...\Party Pack for Pocket Tanks Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
Pdniebne Taxi (HKLM-x32\...\{D946870C-47B6-4FBA-936C-D3723461EB32}_is1) (Version:  - nowe-media.eu)
Pharaoh's Secret (HKLM-x32\...\{C593D6E0-F575-4219-91BF-E2432E8785EF}_is1) (Version:  - nowe-media.eu)
PicosmosTools 1.8.0.0 (HKLM-x32\...\PicosmosTools) (Version: 1.8.0.0 - Free Time)
Pirates of the Caribbean - At Worlds End (HKLM-x32\...\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}) (Version: 1.0 - Disney Interactive Studios)
Plasma Pack for Pocket Tanks Deluxe (HKLM-x32\...\Plasma Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Podniebne kulki: Deluxe (HKLM-x32\...\Podniebne kulki: Deluxe) (Version:  - Alawar Entertainment Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
RefreshPC (HKLM\...\RefreshPC_is1) (Version: 2.0 - WareSoft Software)
Rejestracja użytkownika drukarki Canon MP280 series (HKLM-x32\...\Rejestracja użytkownika drukarki Canon MP280 series) (Version:  - )
Rejestrator Ekranu Apowersoft V2.1.3 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.1.3 - APOWERSOFT LIMITED)
Remove Logo Now! 1.0 (HKLM-x32\...\Remove Logo Now!_is1) (Version: 1.0 - SoftOrbits)
Restaurant Empire (HKLM-x32\...\{9C0A9803-4592-11D7-B796-0050BFE4DB80}) (Version:  - )
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Rocket Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Rocket Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.00.0000 - RSUPPORT)
Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version:  - )
SerpentHead '99 (HKLM-x32\...\SerpentHead '99) (Version:  - )
SerpentHead Revisited (HKLM-x32\...\SerpentHead Revisited_is1) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splash (HKLM-x32\...\Mirillis Splash) (Version: 2.0.1 - Mirillis)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stupid Invaders (HKLM-x32\...\Stupid Invaders) (Version:  - )
Super Collapse 3 Free Trial (HKLM-x32\...\Super Collapse 3 Free Trial_is1) (Version:  - GameHouse)
Superstar Chefs Full Version 1.29 (HKLM-x32\...\Superstar Chefs Full Version_is1) (Version:  - Arcade Lab)
Sweet MIDI Player 32 (remove only) (HKLM-x32\...\Sweet MIDI Player 32) (Version:  - )
Śnieżek i Wyspa Zagadek (HKLM-x32\...\Śnieżek i Wyspa Zagadek) (Version:  - Alawar Entertainment Inc.)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Tiny Worlds (HKLM-x32\...\Tiny Worlds) (Version:  - Alawar Entertainment Inc.)
Turtix - Misja Ratunkowa (HKLM-x32\...\Turtix - Misja Ratunkowa) (Version:  - Alawar Entertainment Inc.)
uCAN®Connect (HKLM\...\{B3A60A37-A49D-4827-B960-84EDD0C5299B}) (Version: 2.2.3.230 - Option) Hidden
uCAN®Connect (HKLM-x32\...\{9941ABED-87FF-413B-9E89-15F60487AEC7}_x) (Version: 2.2.3.230 - Option)
Uninstall Restaurant Empire Demo (HKLM-x32\...\{6B579E15-40D3-11D7-B796-0050BFE4DB80}) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update_msi (HKLM-x32\...\{59B5A9CD-253D-4C41-A073-B387D4C9672D}) (Version: 1.0.0 - Default Company Name)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WebM Project Directshow Filters (HKCU\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Win7 MAC Address Changer version 2.0 (HKLM-x32\...\{F9A76116-6D56-4CEA-830E-E95C168DC95B}_is1) (Version: 2.0 - Zokali)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{36C065F3-1232-4BEF-9948-B47CD2ED68CF}) (Version: 4.3.0 - WinSnare)
Wonderlines (HKLM-x32\...\Wonderlines) (Version:  - Alawar Entertainment Inc.)
Xeno Assault (HKLM-x32\...\Xeno Assault) (Version:  - Alawar Entertainment Inc.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zzed (HKLM-x32\...\Zzed) (Version:  - Alawar Entertainment Inc.)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 4095.37 MB
Available physical RAM: 3096.91 MB
Total Virtual: 4109.55 MB
Available Virtual: 3096.01 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:146.48 GB) (Free:2.61 GB) NTFS
3 Drive d: () (Fixed) (Total:319.27 GB) (Free:5.75 GB) NTFS

========================= Users: ========================================

Konta użytkowników dla \\ARLETA-KOMPUTER

Administrator            Arleta                   Gość
Polecenie zostało wykonane pomyślnie.

**** End of log ****

______________________________________________________________________________

#5 kwik129

  • Topic Starter

Posted 23 May 2017 - 01:17 PM

REST OF ADW CLEANER LOGS

 

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:04:17
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Skanowanie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

Wykryto usługę: SNARE

***** [ Foldery ] *****

Wykryto folder: C:\Program Files (x86)\DeviceVM
Wykryto folder: C:\Program Files (x86)\reports
Wykryto folder: C:\Users\Arleta\AppData\Roaming\Firefox
Wykryto folder: C:\Users\Arleta\AppData\Local\Firefox

***** [ Pliki ] *****

Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\gamingwonderland.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\internetspeedtracker.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\televisionfanatic.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\www.clipconverter[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\gamingwonderland.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\getvideoconvert.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\internetspeedtracker.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\televisionfanatic.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\KT9V6JSE\filmfanatic2.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\a.clipconverter[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\filmfanatic2.dl.myway[1].xml
Wykryto plik: C:\Program Files (x86)\settings.dat
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage-journal

***** [ DLL ] *****

Nie wykryto szkodliwych bibliotek DLL.

***** [ WMI ] *****

Nie wykryto szkodliwych kluczy.

***** [ Skróty ] *****

Nie wykryto zainfekowanych skrótów.

***** [ Zaplanowane zadania ] *****

Nie wykryto szkodliwych zadań.

***** [ Rejestr ] *****

Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\a.clipconverter.cc
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\clipconverter.cc
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getvideoconvert.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.clipconverter.cc
Wykryto klucz: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Wykryto klucz: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Wykryto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Wykryto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wykryto klucz: HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Wykryto klucz: HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Wykryto klucz: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Wykryto wartość: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Wykryto klucz: HKU\.DEFAULT\Software\ompndb
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\GetPrivate
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\PRODUCTSETUP
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\WinSnare
Wykryto klucz: HKU\S-1-5-18\Software\ompndb
Wykryto klucz: HKCU\Software\GetPrivate
Wykryto klucz: HKCU\Software\PRODUCTSETUP
Wykryto klucz: HKCU\Software\WinSnare
Wykryto klucz: HKLM\SOFTWARE\ompndb
Wykryto klucz: HKLM\SOFTWARE\amule-custom
Wykryto klucz: HKLM\SOFTWARE\SoEasySvc
Wykryto klucz: HKLM\SOFTWARE\Bagsarah
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
Wykryto klucz: [x64] HKCU\Software\GetPrivate
Wykryto klucz: [x64] HKCU\Software\PRODUCTSETUP
Wykryto klucz: [x64] HKCU\Software\WinSnare
Wykryto klucz: [x64] HKLM\SOFTWARE\ompndb
Wykryto klucz: [x64] HKLM\SOFTWARE\InterSect Alliance
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]

***** [ Przeglądarki internetowe ] *****

Nie wykryto szkodliwych obiektów w przeglądarkach opartych na Firefoksie.
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - omniboxes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - delta-homes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.delta-homes.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - audio-amplifier-pro.en.softonic.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - startpageing123.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - startpageing123
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - audio-amplifier-pro.en.softonic.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - omniboxes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - delta-homes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - search.delta-homes.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11654 bajty] - [23/05/2017 05:04:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11728 bajty] ##########

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:15:53
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Skanowanie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

Nie wykryto szkodliwych usług.

***** [ Foldery ] *****

Wykryto folder: C:\Users\Arleta\AppData\Local\Firefox

***** [ Pliki ] *****

Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\gamingwonderland.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\internetspeedtracker.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\televisionfanatic.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\www.clipconverter[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\gamingwonderland.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\getvideoconvert.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\internetspeedtracker.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\televisionfanatic.dl.myway[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\KT9V6JSE\filmfanatic2.dl.tb.ask[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\a.clipconverter[1].xml
Wykryto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\filmfanatic2.dl.myway[1].xml
Wykryto plik: C:\Program Files (x86)\settings.dat
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage
Wykryto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage-journal

***** [ DLL ] *****

Nie wykryto szkodliwych bibliotek DLL.

***** [ WMI ] *****

Nie wykryto szkodliwych kluczy.

***** [ Skróty ] *****

Nie wykryto zainfekowanych skrótów.

***** [ Zaplanowane zadania ] *****

Nie wykryto szkodliwych zadań.

***** [ Rejestr ] *****

Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\a.clipconverter.cc
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\clipconverter.cc
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getvideoconvert.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.dl.myway.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.clipconverter.cc
Wykryto klucz: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Wykryto klucz: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Wykryto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Wykryto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wykryto klucz: HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Wykryto klucz: HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Wykryto klucz: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Wykryto wartość: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Wykryto klucz: HKU\.DEFAULT\Software\ompndb
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\GetPrivate
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\PRODUCTSETUP
Wykryto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\WinSnare
Wykryto klucz: HKU\S-1-5-18\Software\ompndb
Wykryto klucz: HKCU\Software\GetPrivate
Wykryto klucz: HKCU\Software\PRODUCTSETUP
Wykryto klucz: HKCU\Software\WinSnare
Wykryto klucz: HKLM\SOFTWARE\ompndb
Wykryto klucz: HKLM\SOFTWARE\amule-custom
Wykryto klucz: HKLM\SOFTWARE\SoEasySvc
Wykryto klucz: HKLM\SOFTWARE\Bagsarah
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
Wykryto klucz: [x64] HKCU\Software\GetPrivate
Wykryto klucz: [x64] HKCU\Software\PRODUCTSETUP
Wykryto klucz: [x64] HKCU\Software\WinSnare
Wykryto klucz: [x64] HKLM\SOFTWARE\ompndb
Wykryto klucz: [x64] HKLM\SOFTWARE\InterSect Alliance
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Wykryto klucz: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
Wykryto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]

***** [ Przeglądarki internetowe ] *****

Nie wykryto szkodliwych obiektów w przeglądarkach opartych na Firefoksie.
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - omniboxes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - delta-homes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.delta-homes.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] - audio-amplifier-pro.en.softonic.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - startpageing123.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - startpageing123
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - audio-amplifier-pro.en.softonic.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - omniboxes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - delta-homes
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - search.delta-homes.com
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11896 bajty] - [23/05/2017 05:04:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [11582 bajty] - [23/05/2017 05:15:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [11656 bajty] ##########

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:27:48
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Skanowanie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

Nie wykryto szkodliwych usług.

***** [ Foldery ] *****

Nie wykryto szkodliwych folderów.

***** [ Pliki ] *****

Nie wykryto szkodliwych plików.

***** [ DLL ] *****

Nie wykryto szkodliwych bibliotek DLL.

***** [ WMI ] *****

Nie wykryto szkodliwych kluczy.

***** [ Skróty ] *****

Nie wykryto zainfekowanych skrótów.

***** [ Zaplanowane zadania ] *****

Nie wykryto szkodliwych zadań.

***** [ Rejestr ] *****

Nie wykryto szkodliwych wpisów rejestru.

***** [ Przeglądarki internetowe ] *****

Nie wykryto szkodliwych obiektów w przeglądarkach opartych na Firefoksie.
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12464 bajty] - [23/05/2017 05:22:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11896 bajty] - [23/05/2017 05:04:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [11824 bajty] - [23/05/2017 05:15:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1812 bajty] - [23/05/2017 05:27:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1885 bajty] ##########

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:34:52
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Skanowanie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

Nie wykryto szkodliwych usług.

***** [ Foldery ] *****

Nie wykryto szkodliwych folderów.

***** [ Pliki ] *****

Nie wykryto szkodliwych plików.

***** [ DLL ] *****

Nie wykryto szkodliwych bibliotek DLL.

***** [ WMI ] *****

Nie wykryto szkodliwych kluczy.

***** [ Skróty ] *****

Nie wykryto zainfekowanych skrótów.

***** [ Zaplanowane zadania ] *****

Nie wykryto szkodliwych zadań.

***** [ Rejestr ] *****

Nie wykryto szkodliwych wpisów rejestru.

***** [ Przeglądarki internetowe ] *****

Nie wykryto szkodliwych obiektów w przeglądarkach opartych na Firefoksie.
Wykryto preferencje Chromium: [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12464 bajty] - [23/05/2017 05:22:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [1506 bajty] - [23/05/2017 05:30:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11896 bajty] - [23/05/2017 05:04:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [11824 bajty] - [23/05/2017 05:15:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1964 bajty] - [23/05/2017 05:27:48]
C:\AdwCleaner\AdwCleaner[S4].txt - [1958 bajty] - [23/05/2017 05:34:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2031 bajty] ##########

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:22:06
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Czyszczenie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

 

***** [ Foldery ] *****

[-] Usunięto folder: C:\Users\Arleta\AppData\Local\Firefox

***** [ Pliki ] *****

[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\gamingwonderland.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\internetspeedtracker.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\televisionfanatic.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\www.clipconverter[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\gamingwonderland.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\getvideoconvert.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\internetspeedtracker.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\televisionfanatic.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\KT9V6JSE\filmfanatic2.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\a.clipconverter[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\filmfanatic2.dl.myway[1].xml
[-] Usunięto plik: C:\Program Files (x86)\settings.dat
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage-journal

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Skróty ] *****

 

***** [ Zaplanowane zadania ] *****

 

***** [ Rejestr ] *****

[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\a.clipconverter.cc
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\clipconverter.cc
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getvideoconvert.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.clipconverter.cc
[-] Usunięto klucz: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
[-] Usunięto klucz: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
[-] Usunięto wartość: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
[-] Usunięto klucz: HKU\.DEFAULT\Software\ompndb
[-] Usunięto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\GetPrivate
[-] Usunięto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\PRODUCTSETUP
[-] Usunięto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\WinSnare
[#] Klucz usunięto podczas ponownego uruchomienia: HKU\S-1-5-18\Software\ompndb
[#] Klucz usunięto podczas ponownego uruchomienia: HKCU\Software\GetPrivate
[#] Klucz usunięto podczas ponownego uruchomienia: HKCU\Software\PRODUCTSETUP
[#] Klucz usunięto podczas ponownego uruchomienia: HKCU\Software\WinSnare
[-] Usunięto klucz: HKLM\SOFTWARE\ompndb
[-] Usunięto klucz: HKLM\SOFTWARE\amule-custom
[-] Usunięto klucz: HKLM\SOFTWARE\SoEasySvc
[-] Usunięto klucz: HKLM\SOFTWARE\Bagsarah
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\GetPrivate
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\PRODUCTSETUP
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\WinSnare
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\ompndb
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]

***** [ Przeglądarki ] *****

[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: omniboxes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: delta-homes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: search.delta-homes.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: audio-amplifier-pro.en.softonic.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default] [extension] Usunięto: cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default] [homepage] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: startpageing123.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: startpageing123
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: audio-amplifier-pro.en.softonic.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: omniboxes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: delta-homes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: search.delta-homes.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Usunięto: hxxp://www.startpageing123.com/searchfavicon.ico
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Usunięto: cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX

*************************

:: Usunięto klucze "Tracing"
:: Zresetowano ustawienia Winsock

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12000 bajty] - [23/05/2017 05:22:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11896 bajty] - [23/05/2017 05:04:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [11824 bajty] - [23/05/2017 05:15:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12296 bajty] ##########

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:30:39
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Czyszczenie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

 

***** [ Foldery ] *****

 

***** [ Pliki ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Skróty ] *****

 

***** [ Zaplanowane zadania ] *****

 

***** [ Rejestr ] *****

 

***** [ Przeglądarki ] *****

[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Usunięto: hxxp://www.startpageing123.com/searchfavicon.ico

*************************

:: Usunięto klucze "Tracing"
:: Zresetowano ustawienia Winsock

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12464 bajty] - [23/05/2017 05:22:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [1059 bajty] - [23/05/2017 05:30:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11896 bajty] - [23/05/2017 05:04:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [11824 bajty] - [23/05/2017 05:15:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1964 bajty] - [23/05/2017 05:27:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1427 bajty] ##########

The logs weren't as confusing as you said. I tried to install the offline ESET version but I can't, because ESET online deleted msiexec. It also deleted many Windows files like Photo Viewer etc. and Nvidia files. Windows is now saying that I have an unoriginal copy of Windows. Can I restore the deleted Windows files?


Edited by kwik129, 23 May 2017 - 01:20 PM.


#6 boopme


Posted 23 May 2017 - 01:23 PM

Hello, yes you can restore..

Remove what Adwcleaner found.

Also those infections stole all passwords.. You need to change them..

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


#7 kwik129


Posted 23 May 2017 - 01:33 PM

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:22:06
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Czyszczenie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

 

***** [ Foldery ] *****

[-] Usunięto folder: C:\Users\Arleta\AppData\Local\Firefox

***** [ Pliki ] *****

[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\gamingwonderland.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\internetspeedtracker.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\televisionfanatic.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NOIAJR4H\www.clipconverter[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\gamingwonderland.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\getvideoconvert.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\internetspeedtracker.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\NDK5LF1K\televisionfanatic.dl.myway[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\KT9V6JSE\filmfanatic2.dl.tb.ask[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\a.clipconverter[1].xml
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Microsoft\Internet Explorer\DOMStore\B7XDQ0LG\filmfanatic2.dl.myway[1].xml
[-] Usunięto plik: C:\Program Files (x86)\settings.dat
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage
[-] Usunięto plik: C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_www.trotux.com_0.localstorage-journal

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Skróty ] *****

 

***** [ Zaplanowane zadania ] *****

 

***** [ Rejestr ] *****

[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\a.clipconverter.cc
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\clipconverter.cc
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getvideoconvert.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.dl.myway.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.clipconverter.cc
[-] Usunięto klucz: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
[-] Usunięto klucz: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
[-] Usunięto wartość: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
[-] Usunięto klucz: HKU\.DEFAULT\Software\ompndb
[-] Usunięto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\GetPrivate
[-] Usunięto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\PRODUCTSETUP
[-] Usunięto klucz: HKU\S-1-5-21-3413610820-2486416330-431115022-1000\Software\WinSnare
[#] Klucz usunięto podczas ponownego uruchomienia: HKU\S-1-5-18\Software\ompndb
[#] Klucz usunięto podczas ponownego uruchomienia: HKCU\Software\GetPrivate
[#] Klucz usunięto podczas ponownego uruchomienia: HKCU\Software\PRODUCTSETUP
[#] Klucz usunięto podczas ponownego uruchomienia: HKCU\Software\WinSnare
[-] Usunięto klucz: HKLM\SOFTWARE\ompndb
[-] Usunięto klucz: HKLM\SOFTWARE\amule-custom
[-] Usunięto klucz: HKLM\SOFTWARE\SoEasySvc
[-] Usunięto klucz: HKLM\SOFTWARE\Bagsarah
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
[-] Usunięto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\GetPrivate
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\PRODUCTSETUP
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\WinSnare
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\ompndb
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
[-] Usunięto klucz: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[-] Usunięto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[#] Klucz usunięto podczas ponownego uruchomienia: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.io
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]

***** [ Przeglądarki ] *****

[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: omniboxes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: delta-homes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: search.delta-homes.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: audio-amplifier-pro.en.softonic.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default] [extension] Usunięto: cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\Default] [homepage] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: startpageing123.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: startpageing123
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: audio-amplifier-pro.en.softonic.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: omniboxes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: delta-homes
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Usunięto: search.delta-homes.com
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Usunięto: hxxp://www.startpageing123.com/searchfavicon.ico
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Usunięto: cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Usunięto: hxxp://www.delta-homes.com/?type=hp&ts=1418875696&from=wpm12173&uid=HDT722525DLA380_VDS41LT8DN3XRHDN3XRHX

*************************

:: Usunięto klucze "Tracing"
:: Zresetowano ustawienia Winsock

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12000 bajty] - [23/05/2017 05:22:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11896 bajty] - [23/05/2017 05:04:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [11824 bajty] - [23/05/2017 05:15:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12296 bajty] ##########

 

 

 

 

 

# AdwCleaner v6.047 - raport utworzono 23/05/2017 o 05:30:39
# Ostatnia aktualizacja: 19/05/2017 przez Malwarebytes
# Baza danych : 2017-05-19.1 [Lokalna]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (X64)
# Nazwa użytkownika : Arleta - ARLETA-KOMPUTER
# Lokalizacja programu : C:\Users\Arleta\Downloads\AdwCleaner.exe
# Tryb: Czyszczenie
# Wsparcie : https://www.malwarebytes.com/support

 

***** [ Usługi ] *****

 

***** [ Foldery ] *****

 

***** [ Pliki ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Skróty ] *****

 

***** [ Zaplanowane zadania ] *****

 

***** [ Rejestr ] *****

 

***** [ Przeglądarki ] *****

[-] [C:\Users\Arleta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Usunięto: hxxp://www.startpageing123.com/searchfavicon.ico

*************************

:: Usunięto klucze "Tracing"
:: Zresetowano ustawienia Winsock

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12464 bajty] - [23/05/2017 05:22:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [1059 bajty] - [23/05/2017 05:30:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [12407 bajty] - [22/05/2017 01:25:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [11896 bajty] - [23/05/2017 05:04:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [11824 bajty] - [23/05/2017 05:15:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1964 bajty] - [23/05/2017 05:27:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1427 bajty] ##########



#8 boopme


Posted 23 May 2017 - 01:41 PM

Good, you should restart the system to be sure removal is complete.

Have you restored the other files? Can you tell if it's running better?

#9 kwik129


Posted 23 May 2017 - 01:54 PM

I haven't restored the other files because I don't know why my sys restore point is deleted. And I don't have a Windows CD. How can I restore the files? And yes, it is running better. This was the worst virus I've ever met. Thanks for the help, you really helped me out. I can't install anything or add/delete any files. Did chkdsk help?


Edited by kwik129, 23 May 2017 - 01:55 PM.


#10 boopme


Posted 23 May 2017 - 04:15 PM

Let's run this file checker.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the program icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.



