BUBUs

Ads in the browser

2 posts in this topic

Hello,

Please check my logs, because ads pop up after I launch the browser (Opera).

 

OTL

[log]

OTL logfile created on: 2013-09-16 12:50:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kuba\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,59% Memory free
3,85 Gb Paging File | 2,95 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59,26 Gb Total Space | 16,42 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
Drive D: | 83,63 Gb Total Space | 72,80 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive E: | 73,69 Gb Total Space | 72,28 Gb Free Space | 98,09% Space Free | Partition Type: NTFS
Drive F: | 81,51 Gb Total Space | 27,40 Gb Free Space | 33,61% Space Free | Partition Type: NTFS
Drive G: | 683,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 928,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KUBEK | User Name: kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-09-16 12:48:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe
PRC - [2013-09-08 11:58:29 | 000,076,352 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe
PRC - [2013-09-08 11:58:20 | 004,009,024 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe
PRC - [2013-09-08 11:58:17 | 000,132,160 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe
PRC - [2013-09-06 22:55:38 | 001,811,368 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2013-08-28 17:43:17 | 002,498,560 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop\lollipop_08281543.exe
PRC - [2013-08-23 09:08:48 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files\WinZipper\winzipersvc.exe
PRC - [2013-08-22 06:03:49 | 000,303,680 | ---- | M] (Wsys Co., Ltd.) -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe
PRC - [2013-08-10 16:48:03 | 001,126,480 | ---- | M] (BitTorrent Inc.) -- F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe
PRC - [2013-07-29 12:41:14 | 003,402,304 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe
PRC - [2013-07-25 09:43:24 | 008,062,464 | ---- | M] (AQQ Sp. z o.o.) -- F:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2013-07-23 19:15:46 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-07-05 18:52:26 | 000,273,699 | ---- | M] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe
PRC - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2013-07-05 13:33:33 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013-06-27 18:40:18 | 001,205,088 | ---- | M] (TorchMedia Inc.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Update\TorchCrashHandler.exe
PRC - [2013-04-04 13:03:47 | 004,288,048 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2013-03-15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-12-21 14:13:05 | 000,741,888 | -HS- | M] (Microsoft Corp.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-09-11 19:13:51 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013-09-08 11:58:25 | 003,048,960 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozjs.dll
MOD - [2013-09-08 11:58:15 | 016,166,248 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2013-09-06 22:55:40 | 001,120,680 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013-08-28 17:43:17 | 002,498,560 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop\lollipop_08281543.exe
MOD - [2013-08-23 09:08:48 | 000,612,520 | ---- | M] () -- C:\Program Files\WinZipper\sqlite3.dll
MOD - [2013-08-22 00:18:28 | 000,687,104 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll
MOD - [2013-08-07 21:31:06 | 020,625,832 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013-07-29 12:41:14 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\zlib1.dll
MOD - [2013-07-05 18:52:26 | 000,273,699 | ---- | M] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe
MOD - [2013-07-05 18:49:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\28463\WCVR.006
MOD - [2013-07-05 18:49:26 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\28463\WCVR.007
MOD - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
MOD - [2013-07-05 13:33:49 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013-07-05 13:33:49 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013-07-05 13:33:49 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013-07-05 13:33:49 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013-07-05 13:33:49 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013-07-05 13:33:49 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013-07-05 13:33:48 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013-07-05 13:33:48 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013-07-05 13:33:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013-07-05 13:33:48 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013-07-05 13:33:48 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013-07-05 13:33:48 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013-06-15 01:49:12 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2013-06-15 01:49:12 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2013-06-15 01:49:12 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2013-04-04 13:03:47 | 004,288,048 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2013-09-11 19:13:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-08-23 09:08:48 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013-08-22 06:03:49 | 000,303,680 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013-07-23 19:15:46 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
SRV - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013-06-27 18:40:18 | 001,205,088 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-06-18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-04-06 18:06:43 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-06-19 10:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011-12-08 08:09:16 | 000,327,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011-06-15 15:11:20 | 000,036,384 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2011-06-15 15:11:20 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2011-06-15 15:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLANMP)
DRV - [2011-06-15 15:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009-11-18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1376146024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1376146024
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=2&systemid=410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=2&systemid=410
IE - HKCU\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4C5001D7D9EF54D&affID=119357&tsp=4979
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN64634776910812249&UM=1
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaulturl: "http://websearch.searchdwebs.info/?pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22&l=1&q="
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B906000a4-88d9-4d52-b209-7a772970d91f%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.startup.homepage: "http://websearch.searchdwebs.info/?pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22"
FF - prefs.js..browser.startup.homepage: "http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752"
FF - prefs.js..browser.search.defaultenginename: "delta-homes"
FF - prefs.js..browser.search.order.1: "delta-homes"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.selectedEngine: "delta-homes"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: F:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins

[2013-04-12 14:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Extensions
[2013-08-22 13:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions
[2013-08-01 20:04:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013-07-20 17:10:11 | 000,000,000 | ---D | M] (saife Savee) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eiiioa@a-.net
[2013-07-20 17:10:11 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eyeotuaia@dqywa-.co.uk
[2013-08-19 13:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\ffxtlbr@babylon.com
[2013-08-01 20:04:38 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\babylon.xml
[2013-07-15 09:14:37 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\bingp.xml
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\BrowserDefender.xml
[2013-07-20 20:11:28 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\delta.xml
[2013-07-20 17:10:16 | 000,007,845 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\WebSearch.xml
[2013-04-04 14:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: delta-homes (Enabled)
CHR - default_search_provider: search_url = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752&type=default&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - Extension: Hola Toolbar = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hfikdpojhgckaejifppccjeedkjcndpp\1.0_1\
CHR - Extension: Lightning Newtab = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0\
CHR - Extension: Torch Share = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_1\
CHR - Extension: Helper extension = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla\2.0_0\
CHR - Extension: Google Wallet Service = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

O1 HOSTS File: ([2001-10-26 15:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (saife Savee) - {0F16CD64-6CD4-D095-22B0-6D9440BC56A1} - C:\Documents and Settings\All Users\Dane aplikacji\saife Savee\51c959d7abb59.dll ()
O2 - BHO: (SearchNewTab) - {2D93D711-BC37-3CBC-E019-C4AD1B9F3B48} - C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab\51c959e07af82.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [AQQ] F:\Program Files\WapSter\WapSter AQQ\AQQ.exe (AQQ Sp. z o.o.)
O4 - HKCU..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GG] C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKCU..\Run: [lollipop_08281543] c:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{851FF65C-3CCD-403F-95C5-F4475475A56A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe) - C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-04-03 20:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-03-29 10:16:20 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{48593422-9d13-11e2-8c2c-811d89ddc524}\Shell\AutoRun\command - "" = RunClubSanDisk.exe
O33 - MountPoints2\{bd7dfd95-9c93-11e2-a0f4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd7dfd95-9c93-11e2-a0f4-806d6172696f}\Shell\AutoRun\command - "" = G:\start.exe -- [2007-01-23 10:30:52 | 000,561,152 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-09-16 12:48:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe
[2013-09-09 21:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\Awesomium
[2013-09-09 20:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013-09-09 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-09-09 20:49:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2013-09-09 20:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Menu Start\Programy\Steam
[2013-09-09 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Steam
[2013-09-09 18:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Play
[2013-09-08 11:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-09-07 08:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Moje dokumenty\Gameforge Live
[2013-09-07 08:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Gameforge4d
[2013-09-07 08:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gameforge Live
[2013-09-03 15:15:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kuba\Pulpit\Pierdoły
[2013-09-02 17:34:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\kuba\GG dysk
[2013-09-02 17:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\GG
[2013-09-02 17:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG
[2013-08-30 16:24:41 | 020,824,290 | ---- | C] (BR3ND ) -- C:\Documents and Settings\kuba\Moje dokumenty\Pliki serwerowe by BR3ND [1.6.2] V1.1.exe
[2013-08-29 20:59:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kuba\Recent
[2013-08-23 09:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinZipper
[2013-08-23 09:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipper
[2013-08-23 09:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\WinZipper
[2013-08-20 20:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2013-08-20 20:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\PriceGong
[2013-08-20 20:50:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kuba\PrivacIE
[2013-08-20 20:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\VIO Player
[2013-08-20 20:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\VIO Player
[2013-08-20 20:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013-08-20 20:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\APN
[2013-08-19 16:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
[2013-08-19 16:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\avgchrome
[2013-08-19 14:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Moje dokumenty\My ISO Files
[2013-08-19 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\WinISO Computing
[2013-08-19 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\WinISO Computing
[2013-08-19 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinISO Computing
[2013-08-19 13:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2013-08-19 13:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\San Andreas Mod Installer
[2013-08-17 20:19:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kuba\IETldCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-09-16 12:48:59 | 000,685,248 | ---- | M] () -- C:\Documents and Settings\kuba\Pulpit\Gmer(13252).exe
[2013-09-16 12:48:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe
[2013-09-16 12:47:46 | 000,524,886 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013-09-16 12:47:46 | 000,463,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-09-16 12:47:46 | 000,100,820 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013-09-16 12:47:46 | 000,079,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-09-16 12:44:08 | 000,025,494 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013-09-16 12:41:55 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-16 12:41:54 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013-09-16 12:41:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-09-15 21:36:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013-09-15 21:34:00 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-15 21:13:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-09-15 17:52:24 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2013-09-11 19:13:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-09-11 19:13:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-09-09 20:49:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-09-09 14:20:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-09-02 17:34:22 | 000,001,131 | ---- | M] () -- C:\Documents and Settings\kuba\Pulpit\GG.lnk
[2013-08-30 16:25:30 | 020,824,290 | ---- | M] (BR3ND ) -- C:\Documents and Settings\kuba\Moje dokumenty\Pliki serwerowe by BR3ND [1.6.2] V1.1.exe
[2013-08-30 16:18:36 | 000,675,988 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\Minecraft.exe
[2013-08-29 21:02:35 | 000,000,127 | ---- | M] () -- C:\WINDOWS\_delis43.ini
[2013-08-29 20:59:45 | 000,003,894 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130829_205934.reg
[2013-08-23 17:24:23 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-08-23 09:08:48 | 000,773,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013-08-23 09:08:48 | 000,421,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013-08-22 13:43:54 | 000,030,190 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130822_134349.reg
[2013-08-21 12:43:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DLL-files.com Fixer_UPDATES.job
[2013-08-19 16:34:34 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2013-08-19 14:32:13 | 483,188,736 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.img
[2013-08-19 14:32:09 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.dvd
[2013-08-19 13:35:28 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-09-16 12:48:59 | 000,685,248 | ---- | C] () -- C:\Documents and Settings\kuba\Pulpit\Gmer(13252).exe
[2013-09-09 20:49:37 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013-09-02 17:34:22 | 000,001,131 | ---- | C] () -- C:\Documents and Settings\kuba\Pulpit\GG.lnk
[2013-09-02 17:34:19 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\kuba\Menu Start\Programy\GG.lnk
[2013-08-30 16:18:36 | 000,675,988 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\Minecraft.exe
[2013-08-29 21:02:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2013-08-29 20:59:35 | 000,003,894 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130829_205934.reg
[2013-08-22 13:43:50 | 000,030,190 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130822_134349.reg
[2013-08-19 16:34:34 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2013-08-19 14:17:31 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.dvd
[2013-08-19 14:17:18 | 483,188,736 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.img
[2013-08-19 13:35:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013-08-17 20:19:05 | 000,001,047 | ---- | C] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Internet Explorer.lnk
[2013-07-05 16:50:12 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2013-06-25 13:35:10 | 000,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2013-06-25 13:35:10 | 000,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2013-06-25 13:35:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2013-05-31 15:11:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-05-21 16:02:53 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013-05-21 16:02:53 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\kuba\Dane aplikacji\PnkBstrK.sys
[2013-05-21 16:02:18 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013-05-21 16:02:15 | 002,337,865 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2013-05-21 16:02:15 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2013-05-05 18:38:36 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2013-04-04 19:21:21 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013-04-04 15:48:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013-04-04 13:08:10 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 12:59:28 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013-04-04 12:59:28 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013-04-04 12:59:28 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013-04-04 12:59:15 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013-04-03 21:54:37 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013-04-03 21:51:43 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-04-03 20:10:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-04-03 20:04:37 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013-06-09 16:27:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-01-07 18:21:32 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004-08-04 00:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-04 00:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013-08-31 18:49:30 | 000,010,933 | ---- | M] ()(C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR?_1377709607.hbs) -- C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR➴_1377709607.hbs
[2013-08-31 18:49:30 | 000,010,933 | ---- | C] ()(C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR?_1377709607.hbs) -- C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR➴_1377709607.hbs

< End of report >
[/log]

Extras

[log]

OTL Extras logfile created on: 2013-09-16 12:50:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kuba\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,59% Memory free
3,85 Gb Paging File | 2,95 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59,26 Gb Total Space | 16,42 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
Drive D: | 83,63 Gb Total Space | 72,80 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive E: | 73,69 Gb Total Space | 72,28 Gb Free Space | 98,09% Space Free | Partition Type: NTFS
Drive F: | 81,51 Gb Total Space | 27,40 Gb Free Space | 33,61% Space Free | Partition Type: NTFS
Drive G: | 683,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 928,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KUBEK | User Name: kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (All) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Documents and Settings\kuba\Dane aplikacji\File Scout\filescout.exe" /open "%1" ()
Directory [ChomikBox.Upload] -- "C:\Program Files\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57994:TCP" = 57994:TCP:*:Enabled:Pando Media Booster
"57994:UDP" = 57994:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57994:TCP" = 57994:TCP:*:Enabled:Pando Media Booster
"57994:UDP" = 57994:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:War Thunder
"443:TCP" = 443:TCP:*:Enabled:War Thunder
"20010:UDP" = 20010:UDP:*:Enabled:War Thunder
"3478:UDP" = 3478:UDP:*:Enabled:War Thunder
"7850:TCP" = 7850:TCP:*:Enabled:War Thunder
"27022:TCP" = 27022:TCP:*:Enabled:War Thunder
"6881:TCP" = 6881:TCP:*:Enabled:War Thunder
"33333:TCP" = 33333:TCP:*:Enabled:War Thunder
"20443:TCP" = 20443:TCP:*:Enabled:War Thunder
"8090:TCP" = 8090:TCP:*:Enabled:War Thunder

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent -- (Torch Media Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent -- (Torch Media Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"F:\Gry\KAG\KAG.exe" = F:\Gry\KAG\KAG.exe:*:Enabled:KAG -- ()
"C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe:*:Enabled:GameCenter@Mail.Ru
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\ExpressFiles\expressdl.exe" = C:\Program Files\ExpressFiles\expressdl.exe:*:Enabled:Express Files
"C:\Program Files\ExpressFiles\ExpressFiles.exe" = C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe" = F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\Steam\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe" = D:\Program Files\Steam\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe:*:Enabled:Forge -- (Epic Games, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{26050F54-3928-4D9C-849A-C48A9E831E6F}" = ChomikBox
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{643B056F-61C1-4489-9797-4D846D101A7A}" = King Arthur's Gold
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{897596EA-D1EC-4C65-AC9E-008AA6F751C6}_is1" = Pliki serwerowe by BR3ND [1.6.2] V1.1 wersja 1.1
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{924C3DC2-8E4E-432E-F973-9A2174A39774}" = saife Savee
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{975E691C-D9EF-4CFB-A9C7-AB44F4201B0C}_is1" = Warblade 1.33
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.7.0 "Legend"
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = BBrowsye2savve
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SearchNewTab
"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Algodoo_is1" = Algodoo v2.1.0
"Alien Nations 2 PL" = Alien Nations 2 PL
"AQQ" = WapSter AQQ
"CCleaner" = CCleaner
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dll-Files Fixer_is1" = Dll-Files Fixer
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Firefox 22.0 (x86 pl)" = Mozilla Firefox 22.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCut_is1" = NetCut 2.08
"Notepad++" = Notepad++
"Opera 12.16.1860" = Opera 12.16
"PunkBusterSvc" = PunkBuster Services
"Re-Volt" = Re-Volt
"SP_0bdf5975" = SafeSaver 1.74
"SP_48c708f2" = BrowseToSave 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"Steam App 223390" = Forge
"uTorrentControl_v6 Toolbar" = uTorrentControl_v6 Toolbar
"Wędkarz 2_is1" = Wędkarz 2
"WIC" = Windows Imaging Component
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WinZipper" = WinZipper

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
"lollipop_08281543" = Lollipop
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-08-22 07:07:07 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd lollipop_06171325.exe, wersja 0.0.0.0, moduł
powodujący błąd lollipop_06171325.exe, wersja 0.0.0.0, adres błędu 0x001c1241.

Error - 2013-08-31 06:45:24 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd lollipop_08281543.exe, wersja 0.0.0.0, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x05e2e5cf.

Error - 2013-09-03 10:32:28 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd algodoo.exe, wersja 0.0.0.0, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2013-09-07 06:09:43 | Computer Name = KUBEK | Source = Userenv | ID = 1508
Description = System Windows nie może załadować rejestru. Najczęstszą tego przyczyną
jest za mało pamięci lub brak wystarczających praw zabezpieczeń. SZCZEGÓŁY - Proces
nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
for C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\\UsrClass.dat

Error - 2013-09-07 06:09:44 | Computer Name = KUBEK | Source = Userenv | ID = 1500
Description = System Windows nie może wykonać logowania, ponieważ nie można załadować
Twojego profilu. Jeśli ten problem będzie się powtarzać, skontaktuj się z administratorem
sieci. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
przez inny proces.

Error - 2013-09-07 07:01:48 | Computer Name = KUBEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 12.16.1860.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-09-07 07:01:52 | Computer Name = KUBEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 12.16.1860.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-09-13 12:16:33 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.6.0.106, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x06fde5e4.

[ System Events ]
Error - 2013-09-15 08:59:35 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn Hamachi Tunneling Engine niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2013-09-15 09:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 11:51:05 | Computer Name = KUBEK | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.6 dla karty sieciowej o adresie 001D7D9EF54D
został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-09-15 11:52:59 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7022
Description = Usługa Wsys Service zawiesiła się podczas uruchamiania.

Error - 2013-09-15 12:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 13:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 14:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 15:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-16 06:41:54 | Computer Name = KUBEK | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.6 dla karty sieciowej o adresie 001D7D9EF54D
został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-09-16 06:43:46 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7022
Description = Usługa Wsys Service zawiesiła się podczas uruchamiania.


< End of report >
[/log]

 

Gmer

[log]

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-16 14:50:06
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3320620AS rev.3.AAK 298,09GB
Running: gmer.exe; Driver: C:\DOCUME~1\kuba\USTAWI~1\Temp\uxtdqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB736F3C0, 0x70A9FA, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text D:\Program Files\Steam\Steam.exe[312] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01761239; RET C:\WINDOWS\system32\28463\WCVR.007
.text D:\Program Files\Steam\Steam.exe[312] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 0176110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtEnumerateValueKey 7C90D976 4 Bytes [68, 39, 12, E8]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtEnumerateValueKey + 5 7C90D97B 1 Byte [C3]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [68, 0E, 11, E8]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtQuerySystemInformation + 5 7C90E1AF 1 Byte [C3]
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!send 71A5428A 5 Bytes JMP 03A129FF
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 03A12C0F
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!recv 71A5615A 5 Bytes JMP 03A12AEC
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 03A12A6C
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 03A12ED8
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSAGetOverlappedResult 71A60D03 5 Bytes JMP 03A12D84
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 013E1239; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 013E110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!SetPropW + 11B 77D3DECE 7 Bytes JMP 108B74F7 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!SetWindowLongA + 19 77D3DEEC 7 Bytes JMP 108B7568 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 108BB116 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 108B4B6D C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\WINDOWS\system32\RunDLL32.exe[1624] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01531239; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\WINDOWS\system32\RunDLL32.exe[1624] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 0153110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01AA1239; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 01AA110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtEnumerateValueKey 7C90D976 4 Bytes [68, 39, 12, FE]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtEnumerateValueKey + 5 7C90D97B 1 Byte [C3]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [68, 0E, 11, FE]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtQuerySystemInformation + 5 7C90E1AF 1 Byte [C3]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0143E9A9 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!lstrlenW + 43 7C809A7C 7 Bytes JMP 01EB0D95 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!MapViewOfFileEx + 6A 7C80B788 7 Bytes JMP 01EB0DDD C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!lstrcpyn + 70 7C810381 7 Bytes JMP 01443D66 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] GDI32.dll!SetWindowOrgEx + 15E 77F1960B 7 Bytes JMP 01EB0E04 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}

---- Processes - GMER 2.1 ----

Process C:\WINDOWS\system32\28463\WCVR.exe (*** hidden *** ) 1724

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0000@D3D_\x3332\x3331 2089301492
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0001@D3D_\x3332\x3331 2089301492
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0000@D3D_\x3332\x3331 2089301492
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0001@D3D_\x3332\x3331 2089301492
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@WCVR Agent C:\WINDOWS\system32\28463\WCVR.exe

---- EOF - GMER 2.1 ----
[/log]

 

Thanks.


[b]1.[/b] Uninstall via the Add/Remove Programs applet: [b]saife Savee, BBrowsye2savve, SearchNewTab, SafeSaver 1.74, BrowseToSave 1.74, Search Assistant WebSearch 1.74, WinPcap 3.1, uTorrentControl_v6 Toolbar, WinZipper, Lollipop[/b]

[b]2.[/b] In OTL, paste the following into the [b]Custom Scans/Fixes[/b] box:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...8&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...8&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.c...8&ts=1376146024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.c...8&ts=1376146024
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...8&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-re...=2&systemid=410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...8&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-re...=2&systemid=410
IE - HKCU\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4C5001D7D9EF54D&affID=119357&tsp=4979
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-...8&ts=1377241752
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN64634776910812249&UM=1
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&
FF - prefs.js..browser.search.defaulturl: "http://websearch.sea...unqvl=22&l=1&q="
FF - prefs.js..browser.startup.homepage: "http://websearch.sea...&cc=PL&unqvl=22"
FF - prefs.js..browser.startup.homepage: "http://www.delta-hom...8&ts=1377241752"
FF - prefs.js..browser.search.defaultenginename: "delta-homes"
FF - prefs.js..browser.search.order.1: "delta-homes"
[2013-07-20 17:10:11 | 000,000,000 | ---D | M] (saife Savee) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eiiioa@a-.net
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\babylon.xml
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\BrowserDefender.xml
[2013-07-20 20:11:28 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\delta.xml
[2013-07-20 17:10:16 | 000,007,845 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\WebSearch.xml
CHR - default_search_provider: delta-homes (Enabled)
CHR - default_search_provider: search_url = http://search.delta-...type=default&q={searchTerms}
CHR - homepage: http://www.delta-hom...8&ts=1377241752
CHR - Extension: Hola Toolbar = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hfikdpojhgckaejifppccjeedkjcndpp\1.0_1\
O2 - BHO: (saife Savee) - {0F16CD64-6CD4-D095-22B0-6D9440BC56A1} - C:\Documents and Settings\All Users\Dane aplikacji\saife Savee\51c959d7abb59.dll ()
O2 - BHO: (SearchNewTab) - {2D93D711-BC37-3CBC-E019-C4AD1B9F3B48} - C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab\51c959e07af82.dll ()
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O4 - HKCU..\Run: [lollipop_08281543] c:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe ()
O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe) - C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe ()

:Files
C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop
C:\Documents and Settings\kuba\Dane aplikacji\WinZipper
C:\WINDOWS\tasks\At*.job
C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC
C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab
C:\Documents and Settings\All Users\Dane aplikacji\saife Savee
C:\Program Files\WinZipper
C:\Documents and Settings\All Users\Dane aplikacji\eSafe
C:\Documents and Settings\All Users\Menu Start\Programy\WinZipper
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\uTorrentControl_v6
C:\WINDOWS\system32\28463
C:\Program Files\WinPcap

:Services
winzipersvc
WsysSvc
UserAccess7
rpcapd

:Commands
[emptytemp]
Click [b]Run Fix[/b] and post the report.

[b]3.[/b] Run [url=http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner][b]AdwCleaner[/b][/url] with the [b]Delete[/b] option. Post the report.

[b]4.[/b] Post a fresh set of logs.
