SystemLook 30.07.11 by jpshortstuff Log created at 20:05 on 06/02/2014 by Martuś Administrator - Elevation successful ========== dir ========== C:\Windows\system32\GroupPolicy - Parameters: "/s" ---Files--- gpt.ini --a---- 127 bytes [09:11 18/01/2014] [09:11 18/01/2014] C:\Windows\system32\GroupPolicy\Machine d------ [09:11 18/01/2014] Registry.pol --a---- 602 bytes [09:11 18/01/2014] [09:11 18/01/2014] C:\Windows\system32\GroupPolicy\User d------ [09:11 18/01/2014] ========== reg ========== [HKEY_CURRENT_USER\Software\Google] (No values found) [HKEY_CURRENT_USER\Software\Google\Chrome] (No values found) [HKEY_CURRENT_USER\Software\Google\Chrome\BrowserCrashDumpAttempts] (No values found) [HKEY_CURRENT_USER\Software\Google\Common] (No values found) [HKEY_CURRENT_USER\Software\Google\Common\Rlz] (No values found) [HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events] (No values found) [HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\B] "R1R"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\C] "C1S"= 0x0000000001 (1) "C1F"= 0x0000000001 (1) "C2F"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes] "B"=08 88 d4 20 55 b1 cc 01 (REG_QWORD) [HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLSs] "B"="org.mozilla:pl:official" [HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs] "B3"="1B2GGFB_enPL267" "R1"="1R1GGGL_pl___PL356" "R0"="1R0GGGL_pl" [HKEY_CURRENT_USER\Software\Google\Drive] "Installed"="True" "thankyoushown"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Toolbar for Firefox] (No values found) [HKEY_CURRENT_USER\Software\Google\Toolbar for Firefox\tf5qjpb4.default] "path"="C:\Users\Martuś\AppData\Roaming\Mozilla\Firefox\Profiles\tf5qjpb4.default" [HKEY_CURRENT_USER\Software\Google\Update] "path"="C:\Users\Martuś\AppData\Local\Google\Update\GoogleUpdate.exe" "version"="1.3.22.3" "LastCodeRedCheck"= 0x004f29b838 (1328134200) "UninstallCmdLine"=""C:\Users\Martuś\AppData\Local\Google\Update\GoogleUpdate.exe" /uninstall" 
"IsMSIHelperRegistered"= 0x0000000001 (1) "LastOSVersion"=1c 01 00 00 06 00 00 00 00 00 00 00 70 17 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 01 00 (REG_BINARY) "LastStartedAU"= 0x0052f3dba7 (1391713191) "LastChecked"= 0x0052f3d068 (1391710312) "LastInstallerExtraCode1"= 0x0000000003 (3) [HKEY_CURRENT_USER\Software\Google\Update\Clients] (No values found) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}] "pv"="1.3.22.3" "name"="Google Update" [HKEY_CURRENT_USER\Software\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}] "name"="Google Chrome binaries" "oopcrashes"= 0x0000000001 (1) "pv"="32.0.1700.107" "lang"="pl" [HKEY_CURRENT_USER\Software\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands] (No values found) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance] "CommandLine"=""C:\Users\Martuś\AppData\Local\Google\Chrome\Application\32.0.1700.107\Installer\setup.exe" --query-eula-acceptance" "WebAccessible"= 0x0000000001 (1) "RunAsUser"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host] 
"CommandLine"=""C:\Users\Martuś\AppData\Local\Google\Chrome\Application\32.0.1700.107\Installer\setup.exe" --multi-install --app-launcher --ensure-google-update-present" "SendsPings"= 0x0000000001 (1) "WebAccessible"= 0x0000000001 (1) "RunAsUser"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-cf] "CommandLine"=""C:\Users\Martuś\AppData\Local\Google\Chrome\Application\32.0.1700.107\Installer\setup.exe" --multi-install --quick-enable-cf" "SendsPings"= 0x0000000001 (1) "WebAccessible"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}] "name"="Google Chrome" "oopcrashes"= 0x0000000001 (1) "pv"="32.0.1700.107" "lang"="pl" [HKEY_CURRENT_USER\Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands] (No values found) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\install-extension] "CommandLine"=""C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe" --limited-install-from-webstore=%1" "SendsPings"= 0x0000000001 (1) "WebAccessible"= 0x0000000001 (1) "RunAsUser"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade] "CommandLine"=""C:\Users\Martuś\AppData\Local\Google\Chrome\Application\32.0.1700.107\Installer\setup.exe" --on-os-upgrade --multi-install --chrome --verbose-logging" "AutoRunOnOSUpgrade"= 0x0000000001 (1) [HKEY_CURRENT_USER\Software\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}] "name"="Program uruchamiający aplikacje Google Chrome" "oopcrashes"= 0x0000000001 (1) "lang"="pl" "pv"="32.0.1700.107" [HKEY_CURRENT_USER\Software\Google\Update\ClientState] (No values found) [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{00058422-BABE-4310-9B8B-B8DEB5D0B68A}] "dr"="1" 
[HKEY_CURRENT_USER\Software\Google\Update\ClientState\{2CCBABCB-6427-4A55-B091-49864623C43F}] "dr"="1" [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{3C122445-AECE-4309-90B7-85A6AEF42AC0}] "dr"="0" [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}] "brand"="CHMB" "InstallTime"= 0x004d52506f (1297240175) "pv"="1.3.22.3" "RollCallDayStartSec"= 0x0052f340fe (1391673598) "LastCheckSuccess"= 0x0052f3d068 (1391710312) "UpdateTime"= 0x0052a6a2b4 (1386652340) "experiment_labels"="omaha=v3_22_3|Thu, 12 Dec 2013 23:34:11 GMT" [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState] "StateValue"= 0x0000000010 (16) [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}] "brand"="CHMB" "usagestats"= 0x0000000000 (0) "ap"="-multi-chrome" "dr"="1" "pv"="32.0.1700.107" "ActivePingDayStartSec"= 0x0052f340fe (1391673598) "RollCallDayStartSec"= 0x0052f340fe (1391673598) "LastCheckSuccess"= 0x0052f3d068 (1391710312) "UpdateTime"= 0x0052ea7c53 (1391098963) "UninstallString"="C:\Users\Martuś\AppData\Local\Google\Chrome\Application\32.0.1700.107\Installer\setup.exe" "lang"="pl" "UninstallArguments"=" --uninstall --multi-install" "LastInstallerExtraCode1"= 0x0000000003 (3) "InstallerResult"= 0x0000000000 (0) "InstallerError"= 0x000000001e (30) [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\CurrentState] "StateValue"= 0x0000000010 (16) [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}] "brand"="CHMB" "InstallTime"= 0x004d5250a2 (1297240226) "browser"= 0x0000000002 (2) "lang"="pl" "UninstallString"="C:\Users\Martuś\AppData\Local\Google\Chrome\Application\32.0.1700.107\Installer\setup.exe" "UninstallArguments"=" --uninstall --multi-install --chrome" "pv"="32.0.1700.107" "LastCheckSuccess"= 0x0052f3d068 (1391710312) "dr"="1" "lastrun"="13036187078911034" 
"ActivePingDayStartSec"= 0x0052f340fe (1391673598) "RollCallDayStartSec"= 0x0052f340fe (1391673598) "UpdateTime"= 0x004e3d7b75 (1312652149) "ap"="-multi-chrome" "LastInstallerResult"= 0x0000000000 (0) "LastInstallerError"= 0x000000001e (30) "InstallerResult"= 0x0000000000 (0) "InstallerError"= 0x000000001e (30) "InstallerResultUIString"="Instalator nie może prawidłowo rozpakować archiwum. Pobierz Google Chrome ponownie." "InstallerSuccessLaunchCmdLine"=""C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe"" "client"="DA40" "experiment_labels"="CrVar1=3310649|Thu, 06 Feb 2015 19:04:44 GMT;CrVar2=3310635|Thu, 06 Feb 2015 19:04:44 GMT;CrVar3=3300164|Thu, 06 Feb 2015 19:04:44 GMT;CrVar4=3300144|Thu, 06 Feb 2015 19:04:44 GMT;CrVar5=3300042|Thu, 06 Feb 2015 19:04:44 GMT;CrVar6=3300123|Thu, 06 Feb 2015 19:04:44 GMT;CrVar7=3300130|Thu, 06 Feb 2015 19:04:44 GMT;CrVar8=3300115|Thu, 06 Feb 2015 19:04:44 GMT;CrVar9=3300136|Thu, 06 Feb 2015 19:04:44 GMT" [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState] "StateValue"= 0x0000000010 (16) [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}] "pv"="32.0.1700.107" "lang"="pl" "RollCallDayStartSec"= 0x0052f340fe (1391673598) "LastCheckSuccess"= 0x0052f3d068 (1391710312) [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState] "StateValue"= 0x0000000010 (16) [HKEY_CURRENT_USER\Software\Google\Update\network] (No values found) [HKEY_CURRENT_USER\Software\Google\Update\network\secure] "sk"=01 00 00 00 d0 8c 9d df 01 15 d1 11 8c 7a 00 c0 4f c2 97 eb 01 00 00 00 db da dc d8 0d 1d ce 48 9c a4 2c 35 3c 26 52 67 00 00 00 00 10 00 00 00 67 00 75 00 70 00 64 00 61 00 74 00 65 00 00 00 03 66 00 00 a8 00 00 00 10 00 00 00 35 29 73 88 76 84 df 2c a1 18 f9 ec c8 4c 7b 9b 00 00 00 00 04 80 00 00 a0 00 00 00 10 00 00 00 0b 4b 80 bb d4 b2 d2 37 27 f2 d2 15 f5 ed 0b 6a 18 00 00 00 d1 ed 07 b7 
db 11 9a 4d f1 0b aa 10 86 b3 4e 45 75 51 6a 0d b2 0d 01 e8 14 00 00 00 23 4f ae 85 6f c8 ed fd c2 16 72 a7 a9 c3 3a 57 b9 60 c8 93 (REG_BINARY) "c"="c=ANcH4TJ7IIh28E0YPM4GV38vcka6T2VI7NJMWs5wqvf4nl8V2vuWV-oTXCSbQ9bRo9IEef1gjFdn1miXJCISZv5GNIaFjQpnUw" [HKEY_CURRENT_USER\Software\Google\Update\proxy] "source"="direct" [HKEY_CURRENT_USER\Software\Google\Update\UsageStats] (No values found) [HKEY_CURRENT_USER\Software\Google\Update\UsageStats\Daily] "LastTransmission"= 0x004d525069 (1297240169) [HKEY_LOCAL_MACHINE\SOFTWARE\Google] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm] "path"="C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx" "version"="2.1.2.126" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost] @="C:\Program Files\Bench\NmHost\manifest.json" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Drive] "InstallLocation"="C:\Program Files\Google\Drive\googledrivesync.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Toolbar] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\NavClient] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update] "path"="C:\Program Files\Google\Update\GoogleUpdate.exe" "UninstallCmdLine"=""C:\Program Files\Google\Update\GoogleUpdate.exe" /uninstall" "IsMSIHelperRegistered"= 0x0000000001 (1) "LastOSVersion"=1c 01 00 00 06 00 00 00 00 00 00 00 70 17 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 01 00 (REG_BINARY) "version"="1.3.22.3" "LastStartedAU"= 0x0052f3da04 (1391712772) "LastCodeRedCheck"= 0x00523bdae1 (1379654369) "MsiStubRun"= 0x0000000000 (0) "LastChecked"= 0x0052f3b761 (1391703905) "LastInstallerSuccessLaunchCmdLine"=""C:\Program Files\Google\Drive\googledrivesync.exe" /firstrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{3C122445-AECE-4309-90B7-85A6AEF42AC0}] "pv"="1.13.5782.0599" "name"="Google Drive" "lang"="en-US" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}] "pv"="1.3.22.3" "name"="Google Update" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{3C122445-AECE-4309-90B7-85A6AEF42AC0}] "usagestats"= 0x0000000000 (0) "lang"="en-US" "brand"="GGLS" "InstallTime"= 0x00523bd9de (1379654110) "browser"= 0x0000000004 (4) "pv"="1.13.5782.0599" "LastCheckSuccess"= 0x0052f3b761 (1391703905) "ActivePingDayStartSec"= 0x00523bf270 (1379660400) "RollCallDayStartSec"= 0x0052f340fe (1391673598) "UpdateTime"= 0x0052aea574 (1387177332) "LastInstallerSuccessLaunchCmdLine"=""C:\Program Files\Google\Drive\googledrivesync.exe" /firstrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\CurrentState] "StateValue"= 0x0000000010 (16) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv"="1.3.22.3"
"brand"="GGLS"
"InstallTime"= 0x00523bd9ae (1379654062)
"RollCallDayStartSec"= 0x0052f340fe (1391673598)
"LastCheckSuccess"= 0x0052f3b761 (1391703905)
"experiment_labels"="omaha=v3_22_3|Tue, 03 Dec 2013 23:51:53 GMT"
"UpdateTime"= 0x0052983241 (1385706049)
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
"StateValue"= 0x0000000010 (16)
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium]
(No values found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{3C122445-AECE-4309-90B7-85A6AEF42AC0}]
(No values found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\network]
(No values found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\network\secure]
(No values found)

========== filefind ==========

Searching for "*nikdaiaidiiiogaidkkekcmokcgcdeac*"
C:\FRST\Quarantine\Bench06-02-2014_08-32-13\NmHost\data\installer\nikdaiaidiiiogaidkkekcmokcgcdeac --a---- 1128 bytes [09:11 18/01/2014] [09:11 18/01/2014] 4A76033336FD4798E6CCA04405EC8FD9
C:\Users\Martuś\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nikdaiaidiiiogaidkkekcmokcgcdeac_0.localstorage --a---- 91136 bytes [10:48 06/02/2014] [17:20 06/02/2014] CC5EF5FA6F58FB848099E23456B76F5D
C:\Users\Martuś\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nikdaiaidiiiogaidkkekcmokcgcdeac_0.localstorage-journal --a---- 16384 bytes [10:48 06/02/2014] [17:20 06/02/2014] CA8A2307BFCA0D4C909080025BCBC6B3

========== folderfind ==========

Searching for "*nikdaiaidiiiogaidkkekcmokcgcdeac*"
C:\FRST\Quarantine\nikdaiaidiiiogaidkkekcmokcgcdeac06-02-2014_08-32-11 d------ [09:12 18/01/2014]
C:\FRST\Quarantine\nikdaiaidiiiogaidkkekcmokcgcdeac06-02-2014_18-20-39 d------ [10:48 06/02/2014]

========== regfind ==========

Searching for "Discount Dragon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Discount Dragon]

Searching for "nikdaiaidiiiogaidkkekcmokcgcdeac"
No data found.

-= EOF =-