BUBUs, posted 16 September 2013

Hello, please check my logs, because ads pop up after I launch the browser (Opera).

OTL [log] OTL logfile created on: 2013-09-16 12:50:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kuba\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,59% Memory free 3,85 Gb Paging File | 2,95 Gb Available in Paging File | 76,70% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 59,26 Gb Total Space | 16,42 Gb Free Space | 27,70% Space Free | Partition Type: NTFS Drive D: | 83,63 Gb Total Space | 72,80 Gb Free Space | 87,05% Space Free | Partition Type: NTFS Drive E: | 73,69 Gb Total Space | 72,28 Gb Free Space | 98,09% Space Free | Partition Type: NTFS Drive F: | 81,51 Gb Total Space | 27,40 Gb Free Space | 33,61% Space Free | Partition Type: NTFS Drive G: | 683,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 928,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KUBEK | User Name: kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-09-16 12:48:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe PRC - [2013-09-08 11:58:29 | 000,076,352 | ---- | M] (GG Network S.A.)
-- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe PRC - [2013-09-08 11:58:20 | 004,009,024 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe PRC - [2013-09-08 11:58:17 | 000,132,160 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe PRC - [2013-09-06 22:55:38 | 001,811,368 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe PRC - [2013-08-28 17:43:17 | 002,498,560 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop\lollipop_08281543.exe PRC - [2013-08-23 09:08:48 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files\WinZipper\winzipersvc.exe PRC - [2013-08-22 06:03:49 | 000,303,680 | ---- | M] (Wsys Co., Ltd.) -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe PRC - [2013-08-10 16:48:03 | 001,126,480 | ---- | M] (BitTorrent Inc.) -- F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe PRC - [2013-07-29 12:41:14 | 003,402,304 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe PRC - [2013-07-25 09:43:24 | 008,062,464 | ---- | M] (AQQ Sp. z o.o.) -- F:\Program Files\WapSter\WapSter AQQ\AQQ.exe PRC - [2013-07-23 19:15:46 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013-07-05 18:52:26 | 000,273,699 | ---- | M] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe PRC - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe PRC - [2013-07-05 13:33:33 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2013-06-27 18:40:18 | 001,205,088 | ---- | M] (TorchMedia Inc.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Update\TorchCrashHandler.exe PRC - [2013-04-04 13:03:47 | 004,288,048 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe PRC - [2013-03-15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-12-21 14:13:05 | 000,741,888 | -HS- | M] (Microsoft Corp.) -- C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-09-11 19:13:51 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll MOD - [2013-09-08 11:58:25 | 003,048,960 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozjs.dll MOD - [2013-09-08 11:58:15 | 016,166,248 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll MOD - [2013-09-06 22:55:40 | 001,120,680 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll MOD - [2013-08-28 17:43:17 | 002,498,560 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop\lollipop_08281543.exe MOD - [2013-08-23 09:08:48 | 000,612,520 | ---- | M] () -- C:\Program Files\WinZipper\sqlite3.dll MOD - [2013-08-22 00:18:28 | 000,687,104 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll MOD - [2013-08-07 21:31:06 | 020,625,832 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll MOD - [2013-07-29 12:41:14 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\zlib1.dll MOD - [2013-07-05 
18:52:26 | 000,273,699 | ---- | M] () -- C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe MOD - [2013-07-05 18:49:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\28463\WCVR.006 MOD - [2013-07-05 18:49:26 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\28463\WCVR.007 MOD - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe MOD - [2013-07-05 13:33:49 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2013-07-05 13:33:49 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2013-07-05 13:33:49 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2013-07-05 13:33:49 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2013-07-05 13:33:49 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2013-07-05 13:33:49 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2013-07-05 13:33:48 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2013-07-05 13:33:48 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2013-07-05 13:33:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2013-07-05 13:33:48 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2013-07-05 13:33:48 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2013-07-05 13:33:48 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2013-06-15 01:49:12 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll MOD - [2013-06-15 01:49:12 | 000,192,000 | ---- | M] () -- D:\Program 
Files\Steam\bin\avformat-53.dll MOD - [2013-06-15 01:49:12 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll MOD - [2013-04-04 13:03:47 | 004,288,048 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-09-11 19:13:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-08-28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013-08-23 09:08:48 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files\WinZipper\winzipersvc.exe -- (winzipersvc) SRV - [2013-08-22 06:03:49 | 000,303,680 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe -- (WsysSvc) SRV - [2013-07-23 19:15:46 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013-07-05 16:50:12 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SRV - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013-06-27 18:40:18 | 001,205,088 | ---- | M] (TorchMedia Inc.) 
[Auto | Running] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler) SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-06-18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-03-15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-04-06 18:06:43 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-06-19 10:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2011-12-08 08:09:16 | 000,327,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2011-06-15 15:11:20 | 000,036,384 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING) DRV - [2011-06-15 15:11:20 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x) DRV - [2011-06-15 15:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLANMP) DRV - [2011-06-15 15:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN) DRV - [2009-11-18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1376146024 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1376146024 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
http://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=2&systemid=410 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=2&systemid=410 IE - HKCU\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4C5001D7D9EF54D&affID=119357&tsp=4979 IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN64634776910812249&UM=1 IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaulturl: "http://websearch.searchdwebs.info/?pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22&l=1&q=" FF - prefs.js..browser.search.order.3: "Bing " FF - prefs.js..extensions.enabledAddons: %7B906000a4-88d9-4d52-b209-7a772970d91f%7D:2.0 FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..browser.startup.homepage: "http://websearch.searchdwebs.info/?pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22" FF - prefs.js..browser.startup.homepage: "http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752" FF - prefs.js..browser.search.defaultenginename: "delta-homes" FF - prefs.js..browser.search.order.1: "delta-homes" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.search.selectedEngine: "delta-homes" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: F:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2013-04-12 14:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Extensions [2013-08-22 13:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions [2013-08-01 20:04:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-07-20 17:10:11 | 000,000,000 | ---D | M] (saife Savee) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eiiioa@a-.net [2013-07-20 17:10:11 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eyeotuaia@dqywa-.co.uk [2013-08-19 13:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\ffxtlbr@babylon.com [2013-08-01 20:04:38 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane 
aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\babylon.xml [2013-07-15 09:14:37 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\bingp.xml [2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\BrowserDefender.xml [2013-07-20 20:11:28 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\delta.xml [2013-07-20 17:10:16 | 000,007,845 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\WebSearch.xml [2013-04-04 14:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: delta-homes (Enabled) CHR - default_search_provider: search_url = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752&type=default&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST3320620AS_9QF8TB08XXXX9QF8TB08&ts=1377241752 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media 
Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Adobe Acrobat (Enabled) = F:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll CHR - Extension: Hola Toolbar = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hfikdpojhgckaejifppccjeedkjcndpp\1.0_1\ CHR - Extension: Lightning Newtab = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0\ CHR - Extension: Torch Share = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_1\ CHR - Extension: Helper extension = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla\2.0_0\ CHR - Extension: Google Wallet Service = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\ O1 HOSTS File: ([2001-10-26 15:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (saife Savee) - {0F16CD64-6CD4-D095-22B0-6D9440BC56A1} - 
C:\Documents and Settings\All Users\Dane aplikacji\saife Savee\51c959d7abb59.dll () O2 - BHO: (SearchNewTab) - {2D93D711-BC37-3CBC-E019-C4AD1B9F3B48} - C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab\51c959e07af82.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKCU..\Run: [AQQ] F:\Program Files\WapSter\WapSter AQQ\AQQ.exe (AQQ Sp. z o.o.) O4 - HKCU..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKCU..\Run: [GG] C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (GG Network S.A.) O4 - HKCU..\Run: [lollipop_08281543] c:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe () O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.) 
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [uTorrent] F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - Startup: C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{851FF65C-3CCD-403F-95C5-F4475475A56A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe) - C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013-04-03 20:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007-03-29 10:16:20 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{48593422-9d13-11e2-8c2c-811d89ddc524}\Shell\AutoRun\command - "" = RunClubSanDisk.exe O33 - MountPoints2\{bd7dfd95-9c93-11e2-a0f4-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{bd7dfd95-9c93-11e2-a0f4-806d6172696f}\Shell\AutoRun\command - "" = G:\start.exe -- [2007-01-23 10:30:52 | 000,561,152 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-09-16 12:48:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe [2013-09-09 21:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\Awesomium [2013-09-09 20:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2013-09-09 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2013-09-09 20:49:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ [2013-09-09 20:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Menu Start\Programy\Steam [2013-09-09 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu 
Start\Programy\Steam [2013-09-09 18:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Play [2013-09-08 11:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GG [2013-09-07 08:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Moje dokumenty\Gameforge Live [2013-09-07 08:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Gameforge4d [2013-09-07 08:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gameforge Live [2013-09-03 15:15:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kuba\Pulpit\Pierdoły [2013-09-02 17:34:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\kuba\GG dysk [2013-09-02 17:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\GG [2013-09-02 17:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG [2013-08-30 16:24:41 | 020,824,290 | ---- | C] (BR3ND ) -- C:\Documents and Settings\kuba\Moje dokumenty\Pliki serwerowe by BR3ND [1.6.2] V1.1.exe [2013-08-29 20:59:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kuba\Recent [2013-08-23 09:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinZipper [2013-08-23 09:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipper [2013-08-23 09:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\WinZipper [2013-08-20 20:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue [2013-08-20 20:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\PriceGong [2013-08-20 20:50:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kuba\PrivacIE [2013-08-20 20:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\VIO Player [2013-08-20 20:49:36 | 000,000,000 | ---D | C] -- C:\Program 
Files\VIO Player [2013-08-20 20:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013-08-20 20:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\APN [2013-08-19 16:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\ApplicationHistory [2013-08-19 16:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\avgchrome [2013-08-19 14:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Moje dokumenty\My ISO Files [2013-08-19 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\WinISO Computing [2013-08-19 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kuba\Dane aplikacji\WinISO Computing [2013-08-19 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinISO Computing [2013-08-19 13:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP [2013-08-19 13:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\San Andreas Mod Installer [2013-08-17 20:19:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kuba\IETldCache [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-09-16 12:48:59 | 000,685,248 | ---- | M] () -- C:\Documents and Settings\kuba\Pulpit\Gmer(13252).exe [2013-09-16 12:48:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kuba\Pulpit\OTL.exe [2013-09-16 12:47:46 | 000,524,886 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2013-09-16 12:47:46 | 000,463,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013-09-16 12:47:46 | 000,100,820 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2013-09-16 12:47:46 | 000,079,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013-09-16 12:44:08 | 000,025,494 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps [2013-09-16 12:41:55 | 000,001,028 
| ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-09-16 12:41:54 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job [2013-09-16 12:41:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-09-15 21:36:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2013-09-15 21:34:00 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-09-15 21:13:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-09-15 17:52:24 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2013-09-11 19:13:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013-09-11 19:13:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013-09-09 20:49:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013-09-09 14:20:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-09-02 17:34:22 | 000,001,131 | ---- | M] () -- C:\Documents and Settings\kuba\Pulpit\GG.lnk [2013-08-30 16:25:30 | 020,824,290 | ---- | M] (BR3ND ) -- C:\Documents and Settings\kuba\Moje dokumenty\Pliki serwerowe by BR3ND [1.6.2] V1.1.exe [2013-08-30 16:18:36 | 000,675,988 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\Minecraft.exe [2013-08-29 21:02:35 | 000,000,127 | ---- | M] () -- C:\WINDOWS\_delis43.ini [2013-08-29 20:59:45 | 000,003,894 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130829_205934.reg [2013-08-23 17:24:23 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-08-23 09:08:48 | 000,773,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll [2013-08-23 09:08:48 | 000,421,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll [2013-08-22 13:43:54 | 000,030,190 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130822_134349.reg 
[2013-08-21 12:43:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DLL-files.com Fixer_UPDATES.job [2013-08-19 16:34:34 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2013-08-19 14:32:13 | 483,188,736 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.img [2013-08-19 14:32:09 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.dvd [2013-08-19 13:35:28 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-09-16 12:48:59 | 000,685,248 | ---- | C] () -- C:\Documents and Settings\kuba\Pulpit\Gmer(13252).exe [2013-09-09 20:49:37 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013-09-02 17:34:22 | 000,001,131 | ---- | C] () -- C:\Documents and Settings\kuba\Pulpit\GG.lnk [2013-09-02 17:34:19 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\kuba\Menu Start\Programy\GG.lnk [2013-08-30 16:18:36 | 000,675,988 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\Minecraft.exe [2013-08-29 21:02:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\_delis43.ini [2013-08-29 20:59:35 | 000,003,894 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130829_205934.reg [2013-08-22 13:43:50 | 000,030,190 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\cc_20130822_134349.reg [2013-08-19 16:34:34 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2013-08-19 14:17:31 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.dvd [2013-08-19 14:17:18 | 483,188,736 | ---- | C] () -- C:\Documents and Settings\kuba\Moje dokumenty\gta3.img [2013-08-19 13:35:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job [2013-08-17 20:19:05 | 000,001,047 | ---- | C] () -- 
C:\Documents and Settings\kuba\Menu Start\Programy\Internet Explorer.lnk [2013-07-05 16:50:12 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe [2013-06-25 13:35:10 | 000,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2013-06-25 13:35:10 | 000,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2013-06-25 13:35:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2013-05-31 15:11:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013-05-21 16:02:53 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2013-05-21 16:02:53 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\kuba\Dane aplikacji\PnkBstrK.sys [2013-05-21 16:02:18 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2013-05-21 16:02:15 | 002,337,865 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2013-05-21 16:02:15 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2013-05-05 18:38:36 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat [2013-04-04 19:21:21 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2013-04-04 15:48:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2013-04-04 13:08:10 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-04-04 12:59:28 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013-04-04 12:59:28 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013-04-04 12:59:28 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2013-04-04 12:59:15 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2013-04-03 21:54:37 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2013-04-03 21:51:43 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-04-03 20:10:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013-04-03 
20:04:37 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2013-06-09 16:27:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009-01-07 18:21:32 | 001,497,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004-08-04 00:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-04 00:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Files - Unicode (All) ==========[/color] [2013-08-31 18:49:30 | 000,010,933 | ---- | M] ()(C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR?_1377709607.hbs) -- C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR➴_1377709607.hbs [2013-08-31 18:49:30 | 000,010,933 | ---- | C] ()(C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR?_1377709607.hbs) -- C:\Documents and Settings\kuba\Moje dokumenty\HAXWAR➴_1377709607.hbs < End of report > [/log] Extras [log] OTL Extras logfile created on: 2013-09-16 12:50:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kuba\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total 
Physical Memory | 1,07 Gb Available Physical Memory | 53,59% Memory free 3,85 Gb Paging File | 2,95 Gb Available in Paging File | 76,70% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 59,26 Gb Total Space | 16,42 Gb Free Space | 27,70% Space Free | Partition Type: NTFS Drive D: | 83,63 Gb Total Space | 72,80 Gb Free Space | 87,05% Space Free | Partition Type: NTFS Drive E: | 73,69 Gb Total Space | 72,28 Gb Free Space | 98,09% Space Free | Partition Type: NTFS Drive F: | 81,51 Gb Total Space | 27,40 Gb Free Space | 33,61% Space Free | Partition Type: NTFS Drive G: | 683,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 928,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KUBEK | User Name: kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation) hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. 
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- "C:\Documents and Settings\kuba\Dane aplikacji\File Scout\filescout.exe" /open "%1" () Directory [ChomikBox.Upload] -- "C:\Program Files\ChomikBox\\ChomikBox.exe" -u"%1" ( ) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- 
"C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "57994:TCP" = 57994:TCP:*:Enabled:Pando Media Booster "57994:UDP" = 57994:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "57994:TCP" = 57994:TCP:*:Enabled:Pando Media Booster "57994:UDP" = 57994:UDP:*:Enabled:Pando Media Booster "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "80:TCP" = 80:TCP:*:Enabled:War Thunder "443:TCP" = 443:TCP:*:Enabled:War Thunder "20010:UDP" = 20010:UDP:*:Enabled:War Thunder "3478:UDP" = 3478:UDP:*:Enabled:War Thunder "7850:TCP" = 7850:TCP:*:Enabled:War Thunder "27022:TCP" = 27022:TCP:*:Enabled:War Thunder "6881:TCP" = 6881:TCP:*:Enabled:War Thunder "33333:TCP" = 33333:TCP:*:Enabled:War Thunder "20443:TCP" = 20443:TCP:*:Enabled:War Thunder "8090:TCP" = 8090:TCP:*:Enabled:War Thunder [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch 
Torrent -- (Torch Media Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent -- (Torch Media Inc.) 
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam "F:\Gry\KAG\KAG.exe" = F:\Gry\KAG\KAG.exe:*:Enabled:KAG -- () "C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe:*:Enabled:GameCenter@Mail.Ru "C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Oracle Corporation) "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Program Files\ExpressFiles\expressdl.exe" = C:\Program Files\ExpressFiles\expressdl.exe:*:Enabled:Express Files "C:\Program Files\ExpressFiles\ExpressFiles.exe" = C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe" = F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.) "D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "D:\Program Files\Steam\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe" = D:\Program Files\Steam\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe:*:Enabled:Forge -- (Epic Games, Inc.) 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks "{26050F54-3928-4D9C-849A-C48A9E831E6F}" = ChomikBox "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{643B056F-61C1-4489-9797-4D846D101A7A}" = King Arthur's Gold "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{897596EA-D1EC-4C65-AC9E-008AA6F751C6}_is1" = Pliki serwerowe by BR3ND [1.6.2] V1.1 wersja 1.1 "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{924C3DC2-8E4E-432E-F973-9A2174A39774}" = saife Savee "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{975E691C-D9EF-4CFB-A9C7-AB44F4201B0C}_is1" = Warblade 1.33 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.7.0 "Legend" "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = BBrowsye2savve "{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SearchNewTab "{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility "{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Algodoo_is1" = Algodoo v2.1.0 "Alien Nations 2 PL" = Alien Nations 2 PL "AQQ" = WapSter AQQ "CCleaner" = CCleaner "Cheat Engine 6.3_is1" = Cheat Engine 6.3 "DAEMON Tools Lite" = DAEMON Tools Lite "Dll-Files Fixer_is1" = Dll-Files Fixer "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024 "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "ie8" = Windows Internet Explorer 8 "LogMeIn 
Hamachi" = LogMeIn Hamachi "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Mozilla Firefox 22.0 (x86 pl)" = Mozilla Firefox 22.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NetCut_is1" = NetCut 2.08 "Notepad++" = Notepad++ "Opera 12.16.1860" = Opera 12.16 "PunkBusterSvc" = PunkBuster Services "Re-Volt" = Re-Volt "SP_0bdf5975" = SafeSaver 1.74 "SP_48c708f2" = BrowseToSave 1.74 "SP_b0285714" = Search Assistant WebSearch 1.74 "Steam App 223390" = Forge "uTorrentControl_v6 Toolbar" = uTorrentControl_v6 Toolbar "Wędkarz 2_is1" = Wędkarz 2 "WIC" = Windows Imaging Component "WinPcapInst" = WinPcap 3.1 "WinRAR archiver" = WinRAR 4.20 (32-bitowy) "WinZipper" = WinZipper [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GG" = GG "lollipop_08281543" = Lollipop "Torch" = Torch "UnityWebPlayer" = Unity Web Player "uTorrent" = µTorrent [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-08-22 07:07:07 | Computer Name = KUBEK | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd lollipop_06171325.exe, wersja 0.0.0.0, moduł powodujący błąd lollipop_06171325.exe, wersja 0.0.0.0, adres błędu 0x001c1241. 
Error - 2013-08-31 06:45:24 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd lollipop_08281543.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x05e2e5cf.

Error - 2013-09-03 10:32:28 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd algodoo.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2013-09-07 06:09:43 | Computer Name = KUBEK | Source = Userenv | ID = 1508
Description = System Windows nie może załadować rejestru. Najczęstszą tego przyczyną jest za mało pamięci lub brak wystarczających praw zabezpieczeń. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. for C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\\UsrClass.dat

Error - 2013-09-07 06:09:44 | Computer Name = KUBEK | Source = Userenv | ID = 1500
Description = System Windows nie może wykonać logowania, ponieważ nie można załadować Twojego profilu. Jeśli ten problem będzie się powtarzać, skontaktuj się z administratorem sieci. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

Error - 2013-09-07 07:01:48 | Computer Name = KUBEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 12.16.1860.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-09-07 07:01:52 | Computer Name = KUBEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 12.16.1860.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-09-13 12:16:33 | Computer Name = KUBEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.6.0.106, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x06fde5e4.

[ System Events ]
Error - 2013-09-15 08:59:35 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn Hamachi Tunneling Engine niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2013-09-15 09:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402

Error - 2013-09-15 11:51:05 | Computer Name = KUBEK | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.6 dla karty sieciowej o adresie 001D7D9EF54D został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-09-15 11:52:59 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7022
Description = Usługa Wsys Service zawiesiła się podczas uruchamiania.

Error - 2013-09-15 12:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402

Error - 2013-09-15 13:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402

Error - 2013-09-15 14:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402

Error - 2013-09-15 15:36:00 | Computer Name = KUBEK | Source = Schedule | ID = 7901
Description = Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402

Error - 2013-09-16 06:41:54 | Computer Name = KUBEK | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.6 dla karty sieciowej o adresie 001D7D9EF54D został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-09-16 06:43:46 | Computer Name = KUBEK | Source = Service Control Manager | ID = 7022 Description = Usługa Wsys Service zawiesiła się podczas uruchamiania. < End of report > [/log] Gmer [log] GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-16 14:50:06 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3320620AS rev.3.AAK 298,09GB Running: gmer.exe; Driver: C:\DOCUME~1\kuba\USTAWI~1\Temp\uxtdqpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB736F3C0, 0x70A9FA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text D:\Program Files\Steam\Steam.exe[312] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01761239; RET C:\WINDOWS\system32\28463\WCVR.007 .text D:\Program Files\Steam\Steam.exe[312] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 0176110E; RET C:\WINDOWS\system32\28463\WCVR.007 .text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe[496] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text 
C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\WINDOWS\system32\notepad.exe[596] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtEnumerateValueKey 7C90D976 4 Bytes [68, 39, 12, E8] .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtEnumerateValueKey + 5 7C90D97B 1 Byte [C3] .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [68, 0E, 11, E8] .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[708] ntdll.dll!NtQuerySystemInformation + 5 7C90E1AF 1 Byte [C3] .text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\Program Files\Opera\opera.exe[1412] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!send 
71A5428A 5 Bytes JMP 03A129FF .text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 03A12C0F .text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!recv 71A5615A 5 Bytes JMP 03A12AEC .text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 03A12A6C .text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 03A12ED8 .text C:\Program Files\Opera\opera.exe[1412] WS2_32.dll!WSAGetOverlappedResult 71A60D03 5 Bytes JMP 03A12D84 .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 013E1239; RET C:\WINDOWS\system32\28463\WCVR.007 .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 013E110E; RET C:\WINDOWS\system32\28463\WCVR.007 .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!SetPropW + 11B 77D3DECE 7 Bytes JMP 108B74F7 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!SetWindowLongA + 19 77D3DEEC 7 Bytes JMP 108B7568 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 108BB116 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1416] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 108B4B6D C:\Documents and Settings\kuba\Ustawienia lokalne\Dane 
aplikacji\GG\Application\xulrunner\xul.dll .text C:\WINDOWS\system32\RunDLL32.exe[1624] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01531239; RET C:\WINDOWS\system32\28463\WCVR.007 .text C:\WINDOWS\system32\RunDLL32.exe[1624] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 0153110E; RET C:\WINDOWS\system32\28463\WCVR.007 .text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\WINDOWS\system32\ctfmon.exe[1748] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] ntdll.dll!NtEnumerateValueKey 7C90D976 6 Bytes PUSH 01AA1239; RET C:\WINDOWS\system32\28463\WCVR.007 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 01AA110E; RET C:\WINDOWS\system32\28463\WCVR.007 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1760] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\Program Files\Messenger\msmsgs.exe[1796] 
ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\Program Files\Messenger\msmsgs.exe[1796] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtEnumerateValueKey 7C90D976 4 Bytes [68, 39, 12, FE] .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtEnumerateValueKey + 5 7C90D97B 1 Byte [C3] .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [68, 0E, 11, FE] .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!NtQuerySystemInformation + 5 7C90E1AF 1 Byte [C3] .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0143E9A9 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!lstrlenW + 43 7C809A7C 7 Bytes JMP 01EB0D95 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!MapViewOfFileEx + 6A 7C80B788 7 Bytes JMP 01EB0DDD C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] kernel32.dll!lstrcpyn + 70 7C810381 7 Bytes JMP 01443D66 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1820] 
GDI32.dll!SetWindowOrgEx + 15E 77F1960B 7 Bytes JMP 01EB0E04 C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text F:\Documents and Settings\kuba\Dane aplikacji\uTorrent\uTorrent.exe[1880] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1944] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe[1992] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes 
[68, 39, 12] .text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe[2000] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\DOCUME~1\kuba\USTAWI~1\Temp\WzE63.tmp\gmer.exe[2080] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [68, 39, 12] .text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes [68, 0E, 11] .text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 2 Bytes [10, C3] {ADC BL, AL} ---- Processes - GMER 2.1 ---- Process C:\WINDOWS\system32\28463\WCVR.exe (*** hidden *** ) 1724 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0000@D3D_\x3332\x3331 2089301492 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0001@D3D_\x3332\x3331 2089301492 Reg 
HKLM\SYSTEM\ControlSet002\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0000@D3D_\x3332\x3331 2089301492 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{81CF838B-3C08-437D-B0CE-E2DE43D43DDF}\0001@D3D_\x3332\x3331 2089301492 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@WCVR Agent C:\WINDOWS\system32\28463\WCVR.exe ---- EOF - GMER 2.1 ---- [/log]
Thanks.
Natsuki Kuga commented on 18 September 2013

[b]1.[/b] Uninstall via the Add or Remove Programs applet (Dodaj/usuń programy): [b]saife Savee, BBrowsye2savve, SearchNewTab, SafeSaver 1.74, BrowseToSave 1.74, Search Assistant WebSearch 1.74, WinPcap 3.1, uTorrentControl_v6 Toolbar, WinZipper, Lollipop[/b]

[b]2.[/b] In OTL, paste the following into the [b]Custom Scans/Fixes[/b] box (Własne opcje skanowania/Skrypt):

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...8&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...8&ts=1377241752
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.c...8&ts=1376146024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.c...8&ts=1376146024
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&q={searchTerms}&pid=298&r=2013/06/25&hid=2504494909&lg=EN&cc=PL&unqvl=22
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...8&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-re...=2&systemid=410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...8&ts=1377241752
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-re...=2&systemid=410
IE - HKCU\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4C5001D7D9EF54D&affID=119357&tsp=4979
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-...8&ts=1377241752
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN64634776910812249&UM=1
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&
FF - prefs.js..browser.search.defaulturl: "http://websearch.sea...unqvl=22&l=1&q="
FF - prefs.js..browser.startup.homepage: "http://websearch.sea...&cc=PL&unqvl=22"
FF - prefs.js..browser.startup.homepage: "http://www.delta-hom...8&ts=1377241752"
FF - prefs.js..browser.search.defaultenginename: "delta-homes"
FF - prefs.js..browser.search.order.1: "delta-homes"
[2013-07-20 17:10:11 | 000,000,000 | ---D | M] (saife Savee) -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\Extensions\eiiioa@a-.net
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\babylon.xml
[2013-07-31 09:38:21 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\BrowserDefender.xml
[2013-07-20 20:11:28 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\delta.xml
[2013-07-20 17:10:16 | 000,007,845 | ---- | M] () -- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\qlrvx5sx.default\searchplugins\WebSearch.xml
CHR - default_search_provider: delta-homes (Enabled)
CHR - default_search_provider: search_url = http://search.delta-...type=default&q={searchTerms}
CHR - homepage: http://www.delta-hom...8&ts=1377241752
CHR - Extension: Hola Toolbar = C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hfikdpojhgckaejifppccjeedkjcndpp\1.0_1\
O2 - BHO: (saife Savee) - {0F16CD64-6CD4-D095-22B0-6D9440BC56A1} - C:\Documents and Settings\All Users\Dane aplikacji\saife Savee\51c959d7abb59.dll ()
O2 - BHO: (SearchNewTab) - {2D93D711-BC37-3CBC-E019-C4AD1B9F3B48} - C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab\51c959e07af82.dll ()
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O4 - HKCU..\Run: [lollipop_08281543] c:\documents and settings\kuba\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08281543.exe ()
O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\kuba\USTAWI~1\Temp\MSDCSC\msdcsc.exe) - C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC\msdcsc.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\explore.exe ()

:Files
C:\Documents and Settings\kuba\Ustawienia lokalne\Dane aplikacji\Lollipop
C:\Documents and Settings\kuba\Dane aplikacji\WinZipper
C:\WINDOWS\tasks\At*.job
C:\Documents and Settings\kuba\Ustawienia lokalne\Temp\MSDCSC
C:\Documents and Settings\All Users\Dane aplikacji\SearchNewTab
C:\Documents and Settings\All Users\Dane aplikacji\saife Savee
C:\Program Files\WinZipper
C:\Documents and Settings\All Users\Dane aplikacji\eSafe
C:\Documents and Settings\All Users\Menu Start\Programy\WinZipper
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\uTorrentControl_v6
C:\WINDOWS\system32\28463
C:\Program Files\WinPcap

:Services
winzipersvc
WsysSvc
UserAccess7
rpcapd

:Commands
[emptytemp]

Click [b]Run Fix[/b] (Wykonaj skrypt) and post the report.

[b]3.[/b] Use [url=http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner][b]AdwCleaner[/b][/url] with the [b]Delete[/b] (Usuń) option. Post the report.

[b]4.[/b] Post a new set of logs.