BUBUs

Ads in the browser


Hello,

Please check my logs, because ads pop up after I start the browser (Opera).

 

OTL

[log]

OTL logfile created on: 2013-09-16 12:50:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kuba\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,59% Memory free
3,85 Gb Paging File | 2,95 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59,26 Gb Total Space | 16,42 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
Drive D: | 83,63 Gb Total Space | 72,80 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive E: | 73,69 Gb Total Space | 72,28 Gb Free Space | 98,09% Space Free | Partition Type: NTFS
Drive F: | 81,51 Gb Total Space | 27,40 Gb Free Space | 33,61% Space Free | Partition Type: NTFS
Drive G: | 683,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 928,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KUBEK | User Name: kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-09-16 12:48:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe
PRC - [2013-09-08 11:58:29 | 000,076,352 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe
PRC - [2013-09-08 11:58:20 | 004,009,024 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe
PRC - [2013-09-08 11:58:17 | 000,132,160 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe
PRC - [2013-09-06 22:55:38 | 001,811,368 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2013-08-28 17:43:17 | 002,498,560 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop\lollipop_08281543.exe
PRC - [2013-08-23 09:08:48 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files\WinZipper\winzipersvc.exe
PRC - [2013-08-22 06:03:49 | 000,303,680 | ---- | M] (Wsys Co., Ltd.) -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe
PRC - [2013-08-10 16:48:03 | 001,126,480 | ---- | M] (BitTorrent Inc.) -- F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe
PRC - [2013-07-29 12:41:14 | 003,402,304 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe
PRC - [2013-07-25 09:43:24 | 008,062,464 | ---- | M] (AQQ Sp. z o.o.) -- F:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2013-07-23 19:15:46 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-07-05 18:52:26 | 000,273,699 | ---- | M] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe
PRC - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2013-07-05 13:33:33 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013-06-27 18:40:18 | 001,205,088 | ---- | M] (TorchMedia Inc.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Update\TorchCrashHandler.exe
PRC - [2013-04-04 13:03:47 | 004,288,048 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2013-03-15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-12-21 14:13:05 | 000,741,888 | -HS- | M] (Microsoft Corp.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-09-11 19:13:51 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013-09-08 11:58:25 | 003,048,960 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozjs.dll
MOD - [2013-09-08 11:58:15 | 016,166,248 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2013-09-06 22:55:40 | 001,120,680 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013-08-28 17:43:17 | 002,498,560 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop\lollipop_08281543.exe
MOD - [2013-08-23 09:08:48 | 000,612,520 | ---- | M] () -- C:\Program Files\WinZipper\sqlite3.dll
MOD - [2013-08-22 00:18:28 | 000,687,104 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll
MOD - [2013-08-07 21:31:06 | 020,625,832 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013-07-29 12:41:14 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\zlib1.dll
MOD - [2013-07-05 18:52:26 | 000,273,699 | ---- | M] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe
MOD - [2013-07-05 18:49:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\28463\WCVR.006
MOD - [2013-07-05 18:49:26 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\28463\WCVR.007
MOD - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
MOD - [2013-07-05 13:33:49 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013-07-05 13:33:49 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013-07-05 13:33:49 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013-07-05 13:33:49 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013-07-05 13:33:49 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013-07-05 13:33:49 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013-07-05 13:33:48 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013-07-05 13:33:48 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013-07-05 13:33:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013-07-05 13:33:48 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013-07-05 13:33:48 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013-07-05 13:33:48 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013-06-15 01:49:12 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2013-06-15 01:49:12 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2013-06-15 01:49:12 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2013-04-04 13:03:47 | 004,288,048 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2013-09-11 19:13:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-08-23 09:08:48 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013-08-22 06:03:49 | 000,303,680 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013-07-23 19:15:46 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
SRV - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013-06-27 18:40:18 | 001,205,088 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-06-18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-04-06 18:06:43 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-06-19 10:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011-12-08 08:09:16 | 000,327,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011-06-15 15:11:20 | 000,036,384 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2011-06-15 15:11:20 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2011-06-15 15:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLANMP)
DRV - [2011-06-15 15:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009-11-18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1376146024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1376146024
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=2&systemid=410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=2&systemid=410
IE - HKCU\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4C5001D7D9EF54D&affID=119357&tsp=4979
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN64634776910812249&UM=1
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaulturl: "http://websearch.searchdwebs.info/?pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22&l=1&q="
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B906000a4-88d9-4d52-b209-7a772970d91f%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.startup.homepage: "http://websearch.searchdwebs.info/?pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22"
FF - prefs.js..browser.startup.homepage: "http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752"
FF - prefs.js..browser.search.defaultenginename: "delta-homes"
FF - prefs.js..browser.search.order.1: "delta-homes"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.selectedEngine: "delta-homes"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: F:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins

[2013-04-12 14:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Extensions
[2013-08-22 13:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions
[2013-08-01 20:04:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013-07-20 17:10:11 | 000,000,000 | ---D | M] (saife Savee) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eiiioa@a-.net
[2013-07-20 17:10:11 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eyeotuaia@dqywa-.co.uk
[2013-08-19 13:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\ffxtlbr@babylon.com
[2013-08-01 20:04:38 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\babylon.xml
[2013-07-15 09:14:37 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\bingp.xml
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\BrowserDefender.xml
[2013-07-20 20:11:28 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\delta.xml
[2013-07-20 17:10:16 | 000,007,845 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\WebSearch.xml
[2013-04-04 14:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: delta-homes (Enabled)
CHR - default_search_provider: search_url = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752&type=default&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - Extension: Hola Toolbar = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hfikdpojhgckaejifppccjeedkjcndpp\1.0_1\
CHR - Extension: Lightning Newtab = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0\
CHR - Extension: Torch Share = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_1\
CHR - Extension: Helper extension = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla\2.0_0\
CHR - Extension: Google Wallet Service = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

O1 HOSTS File: ([2001-10-26 15:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (saife Savee) - {0F16CD64-6CD4-D095-22B0-6D9440BC56A1} - C:\Documents and Settings\All Users\Dane aplikacji\saife Savee\51c959d7abb59.dll ()
O2 - BHO: (SearchNewTab) - {2D93D711-BC37-3CBC-E019-C4AD1B9F3B48} - C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab\51c959e07af82.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [AQQ] F:\Program Files\WapSter\WapSter AQQ\AQQ.exe (AQQ Sp. z o.o.)
O4 - HKCU..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GG] C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKCU..\Run: [lollipop_08281543] c:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{851FF65C-3CCD-403F-95C5-F4475475A56A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe) - C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-04-03 20:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-03-29 10:16:20 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{48593422-9d13-11e2-8c2c-811d89ddc524}\Shell\AutoRun\command - "" = RunClubSanDisk.exe
O33 - MountPoints2\{bd7dfd95-9c93-11e2-a0f4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd7dfd95-9c93-11e2-a0f4-806d6172696f}\Shell\AutoRun\command - "" = G:\start.exe -- [2007-01-23 10:30:52 | 000,561,152 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-09-16 12:48:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe
[2013-09-09 21:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\Awesomium
[2013-09-09 20:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013-09-09 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-09-09 20:49:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2013-09-09 20:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Menu Start\Programy\Steam
[2013-09-09 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Steam
[2013-09-09 18:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Play
[2013-09-08 11:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-09-07 08:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Moje dokumenty\Gameforge Live
[2013-09-07 08:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Gameforge4d
[2013-09-07 08:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gameforge Live
[2013-09-03 15:15:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kuba\Pulpit\Pierdoły
[2013-09-02 17:34:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\kuba\GG dysk
[2013-09-02 17:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\GG
[2013-09-02 17:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG
[2013-08-30 16:24:41 | 020,824,290 | ---- | C] (BR3ND ) -- C:\Documents and Settings\kuba\Moje dokumenty\Pliki serwerowe by BR3ND [1.6.2] V1.1.exe
[2013-08-29 20:59:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kuba\Recent
[2013-08-23 09:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinZipper
[2013-08-23 09:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipper
[2013-08-23 09:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\WinZipper
[2013-08-20 20:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2013-08-20 20:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\PriceGong
[2013-08-20 20:50:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kuba\PrivacIE
[2013-08-20 20:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\VIO Player
[2013-08-20 20:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\VIO Player
[2013-08-20 20:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013-08-20 20:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\APN
[2013-08-19 16:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
[2013-08-19 16:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\avgchrome
[2013-08-19 14:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Moje dokumenty\My ISO Files
[2013-08-19 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\WinISO Computing
[2013-08-19 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\WinISO Computing
[2013-08-19 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinISO Computing
[2013-08-19 13:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2013-08-19 13:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\San Andreas Mod Installer
[2013-08-17 20:19:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kuba\IETldCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-09-16 12:48:59 | 000,685,248 | ---- | M] () -- C:\Documents and Settings\kuba\Pulpit\Gmer(13252).exe
[2013-09-16 12:48:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe
[2013-09-16 12:47:46 | 000,524,886 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013-09-16 12:47:46 | 000,463,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-09-16 12:47:46 | 000,100,820 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013-09-16 12:47:46 | 000,079,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-09-16 12:44:08 | 000,025,494 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013-09-16 12:41:55 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-16 12:41:54 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013-09-16 12:41:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-09-15 21:36:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013-09-15 21:34:00 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-15 21:13:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-09-15 17:52:24 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2013-09-11 19:13:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-09-11 19:13:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-09-09 20:49:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-09-09 14:20:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-09-02 17:34:22 | 000,001,131 | ---- | M] () -- C:\Documents and Settings\kuba\Pulpit\GG.lnk
[2013-08-30 16:25:30 | 020,824,290 | ---- | M] (BR3ND ) -- C:\Documents and Settings\kuba\Moje dokumenty\Pliki serwerowe by BR3ND [1.6.2] V1.1.exe
[2013-08-30 16:18:36 | 000,675,988 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\Minecraft.exe
[2013-08-29 21:02:35 | 000,000,127 | ---- | M] () -- C:\WINDOWS\_delis43.ini
[2013-08-29 20:59:45 | 000,003,894 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130829_205934.reg
[2013-08-23 17:24:23 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-08-23 09:08:48 | 000,773,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013-08-23 09:08:48 | 000,421,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013-08-22 13:43:54 | 000,030,190 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130822_134349.reg
[2013-08-21 12:43:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DLL-files.com Fixer_UPDATES.job
[2013-08-19 16:34:34 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2013-08-19 14:32:13 | 483,188,736 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.img
[2013-08-19 14:32:09 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.dvd
[2013-08-19 13:35:28 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-09-16 12:48:59 | 000,685,248 | ---- | C] () -- C:\Documents and Settings\kuba\Pulpit\Gmer(13252).exe
[2013-09-09 20:49:37 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013-09-02 17:34:22 | 000,001,131 | ---- | C] () -- C:\Documents and Settings\kuba\Pulpit\GG.lnk
[2013-09-02 17:34:19 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\kuba\Menu Start\Programy\GG.lnk
[2013-08-30 16:18:36 | 000,675,988 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\Minecraft.exe
[2013-08-29 21:02:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2013-08-29 20:59:35 | 000,003,894 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130829_205934.reg
[2013-08-22 13:43:50 | 000,030,190 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130822_134349.reg
[2013-08-19 16:34:34 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2013-08-19 14:17:31 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.dvd
[2013-08-19 14:17:18 | 483,188,736 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.img
[2013-08-19 13:35:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013-08-17 20:19:05 | 000,001,047 | ---- | C] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Internet Explorer.lnk
[2013-07-05 16:50:12 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2013-06-25 13:35:10 | 000,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2013-06-25 13:35:10 | 000,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2013-06-25 13:35:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2013-05-31 15:11:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-05-21 16:02:53 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013-05-21 16:02:53 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\kuba\Dane aplikacji\PnkBstrK.sys
[2013-05-21 16:02:18 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013-05-21 16:02:15 | 002,337,865 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2013-05-21 16:02:15 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2013-05-05 18:38:36 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2013-04-04 19:21:21 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013-04-04 15:48:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013-04-04 13:08:10 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 12:59:28 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013-04-04 12:59:28 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013-04-04 12:59:28 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013-04-04 12:59:15 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013-04-03 21:54:37 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013-04-03 21:51:43 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-04-03 20:10:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-04-03 20:04:37 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013-06-09 16:27:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-01-07 18:21:32 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004-08-04 00:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-04 00:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013-08-31 18:49:30 | 000,010,933 | ---- | M] ()(C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR?_1377709607.hbs) -- C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR➴_1377709607.hbs
[2013-08-31 18:49:30 | 000,010,933 | ---- | C] ()(C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR?_1377709607.hbs) -- C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR➴_1377709607.hbs

< End of report >
[/log]

Extras

[log]

OTL Extras logfile created on: 2013-09-16 12:50:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kuba\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,59% Memory free
3,85 Gb Paging File | 2,95 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59,26 Gb Total Space | 16,42 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
Drive D: | 83,63 Gb Total Space | 72,80 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive E: | 73,69 Gb Total Space | 72,28 Gb Free Space | 98,09% Space Free | Partition Type: NTFS
Drive F: | 81,51 Gb Total Space | 27,40 Gb Free Space | 33,61% Space Free | Partition Type: NTFS
Drive G: | 683,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 928,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KUBEK | User Name: kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (All) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Documents and Settings\kuba\Dane aplikacji\File Scout\filescout.exe" /open "%1" ()
Directory [ChomikBox.Upload] -- "C:\Program Files\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57994:TCP" = 57994:TCP:*:Enabled:Pando Media Booster
"57994:UDP" = 57994:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57994:TCP" = 57994:TCP:*:Enabled:Pando Media Booster
"57994:UDP" = 57994:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:War Thunder
"443:TCP" = 443:TCP:*:Enabled:War Thunder
"20010:UDP" = 20010:UDP:*:Enabled:War Thunder
"3478:UDP" = 3478:UDP:*:Enabled:War Thunder
"7850:TCP" = 7850:TCP:*:Enabled:War Thunder
"27022:TCP" = 27022:TCP:*:Enabled:War Thunder
"6881:TCP" = 6881:TCP:*:Enabled:War Thunder
"33333:TCP" = 33333:TCP:*:Enabled:War Thunder
"20443:TCP" = 20443:TCP:*:Enabled:War Thunder
"8090:TCP" = 8090:TCP:*:Enabled:War Thunder

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent -- (Torch Media Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent -- (Torch Media Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"F:\Gry\KAG\KAG.exe" = F:\Gry\KAG\KAG.exe:*:Enabled:KAG -- ()
"C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe:*:Enabled:GameCenter@Mail.Ru
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\ExpressFiles\expressdl.exe" = C:\Program Files\ExpressFiles\expressdl.exe:*:Enabled:Express Files
"C:\Program Files\ExpressFiles\ExpressFiles.exe" = C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe" = F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\Steam\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe" = D:\Program Files\Steam\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe:*:Enabled:Forge -- (Epic Games, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{26050F54-3928-4D9C-849A-C48A9E831E6F}" = ChomikBox
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{643B056F-61C1-4489-9797-4D846D101A7A}" = King Arthur's Gold
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{897596EA-D1EC-4C65-AC9E-008AA6F751C6}_is1" = Pliki serwerowe by BR3ND [1.6.2] V1.1 wersja 1.1
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{924C3DC2-8E4E-432E-F973-9A2174A39774}" = saife Savee
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{975E691C-D9EF-4CFB-A9C7-AB44F4201B0C}_is1" = Warblade 1.33
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.7.0 "Legend"
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = BBrowsye2savve
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SearchNewTab
"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Algodoo_is1" = Algodoo v2.1.0
"Alien Nations 2 PL" = Alien Nations 2 PL
"AQQ" = WapSter AQQ
"CCleaner" = CCleaner
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dll-Files Fixer_is1" = Dll-Files Fixer
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Firefox 22.0 (x86 pl)" = Mozilla Firefox 22.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCut_is1" = NetCut 2.08
"Notepad++" = Notepad++
"Opera 12.16.1860" = Opera 12.16
"PunkBusterSvc" = PunkBuster Services
"Re-Volt" = Re-Volt
"SP_0bdf5975" = SafeSaver 1.74
"SP_48c708f2" = BrowseToSave 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"Steam App 223390" = Forge
"uTorrentControl_v6 Toolbar" = uTorrentControl_v6 Toolbar
"Wędkarz 2_is1" = Wędkarz 2
"WIC" = Windows Imaging Component
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WinZipper" = WinZipper

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
"lollipop_08281543" = Lollipop
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-08-22 07:07:07 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd lollipop_06171325.exe, wersja 0.0.0.0, moduł
powodujący błąd lollipop_06171325.exe, wersja 0.0.0.0, adres błędu 0x001c1241.

Error - 2013-08-31 06:45:24 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd lollipop_08281543.exe, wersja 0.0.0.0, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x05e2e5cf.

Error - 2013-09-03 10:32:28 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd algodoo.exe, wersja 0.0.0.0, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2013-09-07 06:09:43 | Computer Name = KUBEK | Source = Userenv | ID = 1508
Description = System Windows nie może załadować rejestru. Najczęstszą tego przyczyną
jest za mało pamięci lub brak wystarczających praw zabezpieczeń. SZCZEGÓŁY - Proces
nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
for C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\\UsrClass.dat

Error - 2013-09-07 06:09:44 | Computer Name = KUBEK | Source = Userenv | ID = 1500
Description = System Windows nie może wykonać logowania, ponieważ nie można załadować
Twojego profilu. Jeśli ten problem będzie się powtarzać, skontaktuj się z administratorem
sieci. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
przez inny proces.

Error - 2013-09-07 07:01:48 | Computer Name = KUBEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 12.16.1860.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-09-07 07:01:52 | Computer Name = KUBEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 12.16.1860.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-09-13 12:16:33 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.6.0.106, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x06fde5e4.

[ System Events ]
Error - 2013-09-15 08:59:35 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn Hamachi Tunneling Engine niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2013-09-15 09:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 11:51:05 | Computer Name = KUBEK | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.6 dla karty sieciowej o adresie 001D7D9EF54D
został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-09-15 11:52:59 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7022
Description = Usługa Wsys Service zawiesiła się podczas uruchamiania.

Error - 2013-09-15 12:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 13:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 14:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-15 15:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił
następujący błąd: %%2147942402

Error - 2013-09-16 06:41:54 | Computer Name = KUBEK | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.6 dla karty sieciowej o adresie 001D7D9EF54D
został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-09-16 06:43:46 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7022
Description = Usługa Wsys Service zawiesiła się podczas uruchamiania.


< End of report >
[/log]

 

Gmer

[log]

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-16 14:50:06
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3320620AS rev.3.AAK 298,09GB
Running: gmer.exe; Driver: C:\DOCUME~1\kuba\USTAWI~1\Temp\uxtdqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB736F3C0, 0x70A9FA, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text D:\Program Files\Steam\Steam.exe[312] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01761239; RET C:\WINDOWS\system32\28463\WCVR.007
.text D:\Program Files\Steam\Steam.exe[312] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 0176110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtEnumerateValueKey 7C90D976 4 Bytes [68, 39, 12, E8]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtEnumerateValueKey + 5 7C90D97B 1 Byte [C3]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [68, 0E, 11, E8]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtQuerySystemInformation + 5 7C90E1AF 1 Byte [C3]
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!send 71A5428A 5 Bytes JMP 03A129FF
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 03A12C0F
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!recv 71A5615A 5 Bytes JMP 03A12AEC
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 03A12A6C
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 03A12ED8
.text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSAGetOverlappedResult 71A60D03 5 Bytes JMP 03A12D84
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 013E1239; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 013E110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!SetPropW + 11B 77D3DECE 7 Bytes JMP 108B74F7 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!SetWindowLongA + 19 77D3DEEC 7 Bytes JMP 108B7568 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 108BB116 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 108B4B6D C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\WINDOWS\system32\RunDLL32.exe[1624] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01531239; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\WINDOWS\system32\RunDLL32.exe[1624] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 0153110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01AA1239; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 01AA110E; RET C:\WINDOWS\system32\28463\WCVR.007
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtEnumerateValueKey 7C90D976 4 Bytes [68, 39, 12, FE]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtEnumerateValueKey + 5 7C90D97B 1 Byte [C3]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [68, 0E, 11, FE]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtQuerySystemInformation + 5 7C90E1AF 1 Byte [C3]
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0143E9A9 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!lstrlenW + 43 7C809A7C 7 Bytes JMP 01EB0D95 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!MapViewOfFileEx + 6A 7C80B788 7 Bytes JMP 01EB0DDD C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!lstrcpyn + 70 7C810381 7 Bytes JMP 01443D66 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] GDI32.dll!SetWindowOrgEx + 15E 77F1960B 7 Bytes JMP 01EB0E04 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12]
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL}
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11]
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL}

---- Processes - GMER 2.1 ----

Process C:\WINDOWS\system32\28463\WCVR.exe (*** hidden *** ) 1724

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0000@D3D_\x3332\x3331 2089301492
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0001@D3D_\x3332\x3331 2089301492
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0000@D3D_\x3332\x3331 2089301492
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0001@D3D_\x3332\x3331 2089301492
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@WCVR Agent C:\WINDOWS\system32\28463\WCVR.exe

---- EOF - GMER 2.1 ----
[/log]

 

Thanks.


[b]1.[/b] Uninstall via the Add/Remove Programs applet: [b]saife Savee, BBrowsye2savve, SearchNewTab, SafeSaver 1.74, BrowseToSave 1.74, Search Assistant WebSearch 1.74, WinPcap 3.1, uTorrentControl_v6 Toolbar, WinZipper, Lollipop[/b]

[b]2.[/b] In OTL, paste the following into the [b]Custom Scans/Fixes[/b] box (Własne opcje skanowania/Skrypt):

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...8&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...8&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.c...8&ts=1376146024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.c...8&ts=1376146024
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...8&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-re...=2&systemid=410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...8&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-re...=2&systemid=410
IE - HKCU\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4C5001D7D9EF54D&affID=119357&tsp=4979
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-...8&ts=1377241752
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN64634776910812249&UM=1
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&
FF - prefs.js..browser.search.defaulturl: "http://websearch.sea...unqvl=22&l=1&q="
FF - prefs.js..browser.startup.homepage: "http://websearch.sea...&cc=PL&unqvl=22"
FF - prefs.js..browser.startup.homepage: "http://www.delta-hom...8&ts=1377241752"
FF - prefs.js..browser.search.defaultenginename: "delta-homes"
FF - prefs.js..browser.search.order.1: "delta-homes"
[2013-07-20 17:10:11 | 000,000,000 | ---D | M] (saife Savee) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eiiioa@a-.net
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\babylon.xml
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\BrowserDefender.xml
[2013-07-20 20:11:28 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\delta.xml
[2013-07-20 17:10:16 | 000,007,845 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\WebSearch.xml
CHR - default_search_provider: delta-homes (Enabled)
CHR - default_search_provider: search_url = http://search.delta-...type=default&q={searchTerms}
CHR - homepage: http://www.delta-hom...8&ts=1377241752
CHR - Extension: Hola Toolbar = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hfikdpojhgckaejifppccjeedkjcndpp\1.0_1\
O2 - BHO: (saife Savee) - {0F16CD64-6CD4-D095-22B0-6D9440BC56A1} - C:\Documents and Settings\All Users\Dane aplikacji\saife Savee\51c959d7abb59.dll ()
O2 - BHO: (SearchNewTab) - {2D93D711-BC37-3CBC-E019-C4AD1B9F3B48} - C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab\51c959e07af82.dll ()
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O4 - HKCU..\Run: [lollipop_08281543] c:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe ()
O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe) - C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe ()

:Files
C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop
C:\Documents and Settings\kuba\Dane aplikacji\WinZipper
C:\WINDOWS\tasks\At*.job
C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC
C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab
C:\Documents and Settings\All Users\Dane aplikacji\saife Savee
C:\Program Files\WinZipper
C:\Documents and Settings\All Users\Dane aplikacji\eSafe
C:\Documents and Settings\All Users\Menu Start\Programy\WinZipper
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\uTorrentControl_v6
C:\WINDOWS\system32\28463
C:\Program Files\WinPcap

:Services
winzipersvc
WsysSvc
UserAccess7
rpcapd

:Commands
[emptytemp]
Click [b]Run Fix[/b] (Wykonaj skrypt) and post the report.

[b]3.[/b] Run [url=http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner][b]AdwCleaner[/b][/url] using the [b]Delete[/b] (Usuń) option. Post the report.

[b]4.[/b] Post a new set of logs.
